James
James
Jan 27, 2018 · 1 min read

Any reason not to do form validation within the iframe- either with some very trustworthy js, or even with a form submit and server side validation- and then postMessage to the parent a generic success/failure message so that the SPA app can continue accordingly? I think that would get you the same functionality without ever sending sensitive data to the parent.

    James

    Written by

    James

    jimmybyrum.com