Hi all. I'm not sure this one would be allowed in cfml-general, so posting it here. Our CF based CMS platform blocks iframe tags from being submitted through the web editor and being used on web pages. We blocked this and other tags as possible security risks. However, iframes still seem to be used all over the place for embedding widgets in web pages. Is there a consensus on whether iframes are a security risk in CMS systems or web dev more generally?

A quick google: https://owasp.org/www-community/attacks/Cross_Frame_Scripting I've not had to think about CMS-type mark-up management for over a decade, so I'm not qualified to answer the more focused part of your question. Maybe see if @alexpixl8 has a moment?