NetCommunity Pages No Longer Allowed in an iFrame
Published
As part of our normal product improvement processes, we review our security measures, protocols, and infrastructure on an ongoing basis.Â
Blackbaud NetCommunity was automatically updated in this release to include security improvements which address vulnerabilities that could potentially compromise the integrity of our product.
As part of these security improvements we removed the ability for you to use an iFrame on a third party website to display a Blackbaud NetCommunity Donation, Event Registration, Membership, or Online Admission/Reenrollment forms. If NetCommunity page is called in an iFrame on a 3rd party site, it will not display.
NetCommunity's iFrame Page Part will still work and NetCommunity will still display 3rd party content inside an iFrame on NetCommunity if the 3rd party site allows it.
The removal of iFrames prevents a hacker from attempting to add malicious code into the various forms and capturing personal or payment information from your users.
Blackbaud has historically not recommended the use of iFrames due to these security issues. Our decision is to remove the use of iFrames in order to ensure the integrity of our customers’ websites.Â
Â
If your organization is currently using iFrames, Blackbaud recommends you take immediate action to remove them. Blackbaud recommends two options to replace your use of iFrames.Â
Blackbaud apologizes for any inconvenience that this may cause. We are committed to ensuring our products meet the highest level of quality, reliability, & security. If you have any questions or concerns please feel free to reach out to Blackbaud Support or your account executive.
Â
As part of these security improvements we removed the ability for you to use an iFrame on a third party website to display a Blackbaud NetCommunity Donation, Event Registration, Membership, or Online Admission/Reenrollment forms. If NetCommunity page is called in an iFrame on a 3rd party site, it will not display.
NetCommunity's iFrame Page Part will still work and NetCommunity will still display 3rd party content inside an iFrame on NetCommunity if the 3rd party site allows it.
The removal of iFrames prevents a hacker from attempting to add malicious code into the various forms and capturing personal or payment information from your users.
Blackbaud has historically not recommended the use of iFrames due to these security issues. Our decision is to remove the use of iFrames in order to ensure the integrity of our customers’ websites.Â
Â
If your organization is currently using iFrames, Blackbaud recommends you take immediate action to remove them. Blackbaud recommends two options to replace your use of iFrames.Â
- Option One – Add Blackbaud NetCommunity design templates to all of your forms to match your existing website so that users seamlessly transition to the NetCommunity page.
- Option Two - For a more robust solution, we recommend Blackbaud Online Express which was built specifically to allow you to embed mobile-ready forms directly on third party website pages. With Online Express, you access a friendly user interface directly from within Raiser’s Edge to build forms. Then, you simply embed a small code snippet on your website wherever you need the form to appear. Regardless of whether the page on the third party site uses a SSL certificate - although we recommend it does – the form sends data over a secure, encrypted connection. When you are ready to process the transactions in Raiser’s Edge, you process them in the same familiar way you process transactions in Blackbaud NetCommunity.
Â
Blackbaud apologizes for any inconvenience that this may cause. We are committed to ensuring our products meet the highest level of quality, reliability, & security. If you have any questions or concerns please feel free to reach out to Blackbaud Support or your account executive.
Â
News
ARCHIVED | Blackbaud NetCommunityâ„¢ Blog
08/06/2015 6:47am EDT
Leave a Comment