Now, our functionality is working properly and I hope we will also pass the Security Review successfully. Code snippet: function getIframeContent(frameId) { var frameObj = document.getElementById(frameId); var frameContent = frameObj. The code above is to be written in the window that you are sending the message from, ie, the parent window. But, just sending the message is not enough. Iframes have gotten a bad reputation because they can be used by malicious websites to include content that can infect a visitor's computer without them seeing it on the page, by incorporating links pointing to the invisible iframe, and those scripts set off malicious code. Discover the basics of working with the HTML `iframe` tag. In essence, an iframe is another browser window set inside your web page. ; width: 100% and height: 100% make the iframe take all of the wrapper’s space. 3: height: This can be used to give the height of the iframe. This enables updates of parts of a website while the user browses, without making them reload the whole thing. Lack of control – Even though iframes can somewhat control content inside them to a small degree, irritating content like autoplaying videos and popups can cause a bad user experience. ; A document can be embedded into the current document using an inline frame. For example, you can embed an external HTML document as follows: The HTML