HTML Interview: 10 Q&A

HTML Iframes Interview

Security-focused interview Q&A on iframes, embedding, sandboxing, and cross-origin behavior.

1. What is an iframe? (easy)
Answer: An inline frame that embeds another HTML page within the current page.

2. Common iframe attributes? (easy)
Answer: src, title, width, height, loading, sandbox, allow.

3. Why is title important for iframe? (medium)
Answer: It improves accessibility by describing embedded content for assistive technologies.

4. What does iframe sandbox do? (medium)
Answer: Restricts capabilities of embedded content unless explicitly allowed.

5. Can parent page freely access iframe DOM always? (medium)
Answer: No, same-origin policy restricts cross-origin DOM access.

6. How to communicate across origins safely? (medium)
Answer: Use window.postMessage with strict origin checks.

7. How to improve iframe loading performance? (easy)
Answer: Use loading="lazy" and avoid unnecessary embeds.

8. What are risks of third-party iframes? (medium)
Answer: Security, privacy tracking, performance overhead, and content control issues.

9. Iframe vs embed/object for modern web? (medium)
Answer: iframe is preferred for embedding full external documents/apps.

10. Interview best-practice summary? (medium)
Answer: Use iframe only when needed; include title, sandbox, and origin-safe messaging.

Tricky Q&A (10 Questions)

11. iframe title attribute is important for: (tricky)
Answer: Correct answer: Screen reader context. title describes embedded content for assistive tech.

12. sandbox attribute without flags: (tricky)
Answer: Correct answer: Applies maximum restrictions. Empty sandbox applies strictest default restrictions.

13. allow attribute on iframe controls: (tricky)
Answer: Correct answer: Feature policies like autoplay. allow lists permitted capabilities for embedded content.

14. referrerpolicy on iframe affects: (tricky)
Answer: Correct answer: Referrer header sent with requests. It controls referrer information on nested navigations.

15. Embedding untrusted widgets safely often uses: (tricky)
Answer: Correct answer: sandbox with limited tokens. sandbox limits scripts, forms, and popups as configured.

16. YouTube embeds typically use: (tricky)
Answer: Correct answer: iframe with embed URL. Video platforms provide iframe embed codes.

17. Same-origin policy mainly restricts: (tricky)
Answer: Correct answer: Cross-origin DOM/JS access. Scripts cannot freely access cross-origin iframe documents.

18. loading='lazy' on iframe: (tricky)
Answer: Correct answer: Defers loading until near viewport. Native lazy loading improves performance.

19. iframe is replaced in layout by: (tricky)
Answer: Correct answer: Flex item behavior like inline replaced element. iframes behave as replaced elements in CSS layout.

20. Critical page SEO content should: (tricky)
Answer: Correct answer: Be in main document HTML. Search engines may not treat iframe content as primary page content.