Facebook Markup Language (FBML)

fb:iframe

Inserts an <iframe> tag into an application canvas page; you cannot use the tag on the profile page (that is, application tabs and profile boxes). You cannot use FBML inside an iframe; use XFBML tags instead.

The conventional <iframe> tag has been re-created in FBML and became <fb:iframe>. You edit the attributes for <fb:iframe> the same way you would for HTML tags.

If you aren't requiring a session secret to be passed, you must use your server's URL as the src for your iframe. Otherwise, apps.facebook.com wraps your page with the Facebook layout.

Parameters

NameTypeDescription
srcstring

The URL of the iframe. Signed GET parameters are appended to the URL to prove that the frame was loaded through Facebook, as described in the forms section. These parameters also include one named fb_sig_in_iframe to indicate this context.

smartsizebool

This parameter smartly sizes the iframe to fit the remaining space on the page and disables the outer scrollbars. If you include more than one smartsizing iframe, they automatically distribute the size appropriately. Default value is false

frameborderint

Indicates whether to show (1) or hide (0) an iframe border. Default value is 1

scrollingstring

Indicates whether to show scrollbars. Default value is yes - use "yes", "no", or "auto" (not "true" or "false")

stylestring

Indicates a custom inline style for the iframe.

widthint

Indicates the width of the iframe.

heightint

Indicates the height of the iframe.

resizablebool

Gives the ability to set the iframe's size using the JavaScript API. See Resizable IFrame for details. You must specify a name for this iframe. This option cannot be used when smartsize is enabled.

namestring

The name of the iframe. You must name the iframe when resizable is enabled.

ext_send_ssbool

As of 9 February, 2009, this parameter is deprecated. See the announcement in the Notes below.
Setting this to true requires that the session secret (fb_sig_ss) be passed, in addition to the usual fb_sig parameters, when available. You might want to require this when the iframe source is outside of the application callback URL. By default this attribute is false to prevent unintentionally sending application and user data to a third party, which can use the session secret to make API calls on behalf of the application or user. You should use this attribute only to send the session secret to an application-owned URL that needs to make API calls, as the iframe source may not necessarily fall under its callback URL. Default value is false

include_fb_sigbool

Setting this to false indicates that credential information is not sent to the site in the iframe. This prevents external sites from stealing private information.Default value is true