Point a IFrame to a external website

Microsoft Dynamics CRM allows you to access external web sites from within forms using IFRAMES (Inline Frames). You can configure the IFRAME to take information from the parent record. A pretty standard use of this is a Web tab on the Account form where the Account’s web site URL is passed to the IFRAME and the web site is available from a Web tab.

To do this, one sets up a little code for the form On Load event that puts the Accounts web site URL into the IFRAME’s URL. It’s actually pretty simple. Here is the code (assumes you already know how to set up an IFRAME). IFRAME_WebSite is the name of the IFRAME and .src references the URL it uses.

// Load web site URL
var AccountURL = crmForm.all.websiteurl.DataValue;
if (AccountURL != null)
crmForm.all.IFRAME_WebSite.src = AccountURL;


When working with iframes in Microsoft Dynamics CRM, you may find that you need to set the source of the iframe to a blank page (often I set the source to a blank page in the form configuration – I almost always have javascript dynamically build the url for the source during the page load). Traditionally, CRM developers and consultants (myself included in this bunch) have always been setting the iframe source to about:blank. While this has been adequate for many situations, I’ve started to notice there can be issues when viewing the iframe in a browser that has Enhanced Security Configuration installed.
The issue that crops up is that about:blank will trigger warning notifications in Internet Explorer – if you’re pulling the pages up from the server (which is how I’m usually doing config work – since I’m an outside consultant), this can be a bit of a nuisance. But I’ve also been in a situation at a client who had a very tightly controlled and locked-down Active Directory environment and about:blank was throwing security warning on the client XP machines. Needless to say, this was not acceptable.
Fortunately, there is a CRM url you may use to display a blank page. Instead of setting the iframe source to about:blank, I’ve gotten into the habit of setting it to /_root/Blank.aspx. This gives you a valid url to set the iframe source to while also providing a blank space within the iframe. This method works in any iframe situation without throwing the security warnings, so I’ve made it a standard practice to always use /_root/blank.aspx when I need a blank page.