People get hacked because of iframes all the time. This is called clickjacking. It's an example of the so-called confused deputy problem. Developers can and should mitigate the issue by setting the X-Frame-Options and Content-Security-Policy headers appropriately.
No comments yet.