iframes are evil
Published 18 years 4 months ago • Last updated March 22, 2025
If I were in charge of browser security, I would completely remove them. They are just a bad idea, and I predict a huge rise in iframe-based attacks, from browser exploits to CSRF. I know this won't happen because there are too many people who use them and don't understand the security implications.
So I suggest an HTML tag/attribute to enable or disable the use of an iframe, with access not allowed by default. To enable their use on your site you would have to do the following in your HTML document, e.g.:
<pre lang="HTML"> <html security="iframe"> </pre>
This would allow the iframe on a per-page basis, and if the security attribute is not present it will not allow the iframe, with an error message like "iframe not allowed on this page".
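A small model of the opt-in rule proposed above, as an added example that is not part of the original post and not a real browser feature. The function names, the token-list reading of the attribute value and the sample pages are assumptions made for illustration.

```javascript
// Model of the post's proposed default-deny rule. The security attribute is
// hypothetical (no browser implements it); reading its value as a
// case-insensitive, space-separated token list is an assumption.
const DENY_MESSAGE = "iframe not allowed on this page";

// Drop comments so a commented-out <html security=...> cannot opt a page in.
const stripComments = (html) => html.replace(/<!--[\s\S]*?-->/g, "");

// Attributes of the root <html> start tag, lowercased names -> values.
function rootAttributes(html) {
  const tag = /<html(\s[^>]*)?>/i.exec(stripComments(html));
  const attrs = new Map();
  if (!tag || !tag[1]) return attrs;
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tag[1])) !== null) {
    const name = m[1].toLowerCase();
    // As in HTML parsing, the first copy of a duplicated attribute wins.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// True only when the page explicitly opts in; absence means deny.
function iframesAllowed(html) {
  const value = rootAttributes(html).get("security");
  if (value === undefined) return false;
  return value.toLowerCase().split(/\s+/).includes("iframe");
}

// What a renderer following the proposal would do with this page.
function renderDecision(html) {
  const frames = [...stripComments(html).matchAll(/<iframe\b[^>]*>/gi)].length;
  const allowed = iframesAllowed(html);
  return {
    frames,
    loaded: allowed ? frames : 0,
    error: !allowed && frames > 0 ? DENY_MESSAGE : null,
  };
}

// Constructed sample pages: one opts in, one says nothing and is denied.
const optedIn = '<html security="iframe"><body><iframe src="https://example.test/a"></iframe></body></html>';
const silent = '<html lang="en"><body><iframe src="https://example.test/a"></iframe></body></html>';
console.log(renderDecision(optedIn));
console.log(renderDecision(silent));
```

The attribute parser consumes quoted values whole, so text such as `security=iframe` inside another attribute's value does not count as an opt-in.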
