Hi everyone, first of all, best wishes for 2026!
Many people are currently busy working on Homey dashboards and embedding various iframes. I’ve built a website https://embedme.nl with a library where you can test and save embeds.
It might be nice to share useful frames here, so other users can easily reuse them for their own dashboards.
Are the embed codes verified before they get published? I see that you load the iframes in the browser as soon as the page gets opened, is that safe with user-generated content?
It’s just a copy-and-paste website. What could be unsafe about it? You can create a profile to manage your content or save favorites, or stay anonymous.
It’s because the actual code that users paste in there gets loaded as an iframe. So someone could post an iframe and then it gets loaded for all visitors as soon as the website gets loaded.
So anybody could create a post and then anybody who opens the website also loads that iframe/code.
Also, are you checking if what’s loaded is actually inside of an iframe and not something like a script or <img src=”x” onerror=”…”>?
The issue is that you load the code snippets in the browser, because anyone can add code that then gets loaded in the browser of anybody who visits the website.
