Question about iframe security?

This is maybe a dumb question, but I recently managed to embed my workflowy lists into obsidian using iframes, and had some fun experimenting with embedding all kinds of other content.

I am wondering about the security of iframes in Obsidian though?
How secure is it to embed from a source?
Is there anything I can do to increase privacy?
Is this not even an issue?


What are your concrete concerns? Are you afraid that e.g., your Workflowy content can be seen through Obsidian somehow?

As with all tools on the web, some risks are impossible to eliminate. I do know that @Licat has been very careful about how iframes are implemented for security purposes, but I’m not sure about the specifics.

hey thanks for the reply, Licat actually already responded in the discord chat.

I was mostly worried about privacy. And also just wondering what a tainted iframe embed would have access to.

For e.g. if for some reason I embedded a bit of ill-intent code into Obsidian, what access or capabilities would that facilitate?

I am definitely not very well versed in html or any other language. Licat did mention in the discord that any access would be limited to the note it’s embedded in, which makes sense to me.