We have been using Worklight to develop hybrid apps to securely integrate with server generated pages. Our approach has been to use WebViews for Android and iOS platforms. Lately we have some folks who prefer using iFrame approach instead, primarily for ease-of-programming reason. Are there security related concerns of using iFrame instead of WebView in hybrid mobile apps?
0
votes
1 Answers
0
votes
The security risks of using iFrames is well known, see for instance the discussions on this stackoverflow question.
Adding to that you have to trust that the iFrame support on each platform (iOS / Android) is properly implemented and consistent.
However, I would not recommend using iFrames on a hybrid app unless you really have to. My reasoning is that a hybrid app is already based on a WebView, so iFrames would be adding one extra layer to it, which adds unnecessary complexity (that also impacts performance and memory footprint)
Not only that, but the iFrame behavior and performance is not as polished as the WebView itself and the platform support is not as consistent, as described by this Phonegap article
Finally, this is a far less common use case and it might be harder to find support to resolve styling, performance and behavior issues with the JavaScript library communities like JQuery Mobile and Dojo Mobile.
Again, this is my personal opinion on the subject.
