Hi all , i am building design platform where users can embed Canva designs inside the website. My question is : Is allow users to “Embed HTML code” and display the result in “html” inside bubble is a secure thing or not ? If not what is the best way to embed Canva designs or even embed any other html code ?
The HTML should be embedded into an iFrame. iFrames are web pages within the actual web page. The Bubble web page can access the iFrame, but the iFrame can’t go up and read/alter the Bubble page…
Thanks @julienallard1 for the quick reply ,my concern is the security thing , you mean it is safe to allow users submit “html code” inside my bubble app to embed a link and "display as an iframe " ??
I’m no security expert here, but yes I believe so.
I was fiddling with one of my Bubble apps when I realized that scripts within the iFrame (like in your screenshot) couldn’t read variables from the page nor make queries to the DOM (elements outside the iFrame).
I think this is the purpose of an iFrame; loading external content into a page while maintaining security.