Social applications running on top of a container pose a major security risk for that container. To host the applications, containers essentially need to run third-party code within their pages. This raises the question of how to host applications without introducing a security risk to the users of the social networking container.
Despite the number of methods that have been employed to secure applications, iframes remain the most popular for the vast majority of containers. The benefits to using iframes are quite clear: they are easy for containers to implement, and they give application developers maximum functionality with minimal restrictions.
On the other hand, though, the limited restrictions imposed on developers who build their application content within an iframe are also the main drawback to this method. Malicious developers can take advantage of this freedom through a number of well-known iframe exploits, described in the following sections.