They still have their place; for example, to embed Google Maps or a YouTube video. Generally, whenever you want to embed something from a different website you have no control over, that shouldn’t inherit your style sheets, and should be sandboxed to prevent cross-site scripting attacks.
Are iframes really sandboxed in different processes than the main frame? On which browsers?
Iframes may not necessarily run in a different process (although they do at least in Chrome and Firefox, if the iframe is from a different host than the main frame), but they have a different JavaScript execution context, and the iframe has no access to the main frame’s DOM or global variables. Also, iframes have a number of restrictions, which can be individually disabled with the sandbox attribute.
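An added example, not part of the thread or any poster's code, that audits iframe markup for the sandbox attribute discussed above: an iframe carrying `sandbox` gets the restrictions, and each `allow-*` token lifts one of them. The function names, the `pageOrigin` parameter and the sample markup are assumptions made for this example.

```javascript
// Added example: audit <iframe> sandbox attributes (tokens from the HTML standard, common subset).
const RESTRICTION_LIFTED_BY = new Map([
  ["allow-scripts", "script execution blocked"],
  ["allow-same-origin", "content forced into an opaque origin"],
  ["allow-forms", "form submission blocked"],
  ["allow-popups", "popups blocked"],
]);

// Parse one start tag's attributes into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<iframe/i, "").replace(/\/?>$/, "");
  const re = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+)))?/g;
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// pageOrigin (hypothetical parameter): the embedding page's origin, no trailing slash.
function auditIframes(html, pageOrigin) {
  // Regex scan for static templates; assumes no ">" inside attribute values.
  return [...html.matchAll(/<iframe\b[^>]*>/gi)].map(([tag]) => {
    const attrs = parseAttrs(tag);
    const src = attrs.src || "";
    const sameOrigin = new URL(src, pageOrigin).origin === pageOrigin;
    if (attrs.sandbox === undefined) {
      return { src, sameOrigin, kept: [], warnings: ["no sandbox attribute"] };
    }
    const tokens = attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
    // Restrictions from the table that no token has lifted.
    const kept = [...RESTRICTION_LIFTED_BY]
      .filter(([token]) => !tokens.includes(token))
      .map(([, restriction]) => restriction);
    const warnings = tokens
      .filter((t) => !RESTRICTION_LIFTED_BY.has(t))
      .map((t) => `token not in this table: ${t}`);
    if (sameOrigin && tokens.includes("allow-scripts") && tokens.includes("allow-same-origin")) {
      warnings.push("same-origin frame with scripts can remove its own sandbox");
    }
    return { src, sameOrigin, kept, warnings };
  });
}

// Constructed sample markup (hosts and paths are made up).
const SAMPLE = `<iframe src="https://maps.example.net/embed?q=1" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="/widgets/preview.html" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="https://video.example.org/v/1"></iframe>
<iframe src="/static/help.html" sandbox></iframe>`;
```

Calling `auditIframes(SAMPLE, "https://app.example")` returns one record per frame; only the same-origin frame with both tokens and the frame with no `sandbox` attribute carry warnings.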