iFrame Embed

Secure, sandboxed form embedding for production sites

What is iFrame Embed?

iFrame Embed allows you to load a Forge form inside your website using a sandboxed iframe. This is the recommended approach for production environments.

Basic Embed Snippet

<div id="forge-root"></div>
<script src="https://forge.app/forge-embed.js"></script>
<script>
  Forge.embed({
    target: "#forge-root",
    formId: "YOUR_FORM_ID"
  });
</script>

This snippet injects a sandboxed iframe that loads the published form from Forge’s embed endpoint.

Embed Behavior

  • Automatically resizes height based on form content
  • Uses a sandboxed iframe by default
  • Loads the latest published form snapshot
  • Does not require same-origin access

Sandbox & Security

  • The iframe is sandboxed, with scripts and forms enabled by default
  • Parent page cannot access iframe DOM or form data
  • Forge validates message origins before accepting updates
  • CAPTCHA, rate limits, and submit signatures are enforced server-side
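
The origin validation listed above, shown as an added example for an auto-resize message handled on the parent page. This is not Forge's own code. The message shape `{ type: "forge:resize", height }`, the function names, the height cap, and `https://forge.app` as the frame origin are assumptions.

```javascript
// Added example: names and message shape are assumptions, not Forge's API.
const MAX_HEIGHT_PX = 10000; // constructed upper bound to stop runaway layout

// Returns a safe pixel height, or null if the message must be ignored.
function validateResizeMessage(event, frameWindow, expectedOrigin) {
  // 1. The message must come from the embedded frame's own window,
  //    not from another frame or popup that happens to share an origin.
  if (!frameWindow || event.source !== frameWindow) return null;

  // 2. Origin must match exactly (no prefix or substring matching).
  //    A frame sandboxed without allow-same-origin has an opaque origin,
  //    which browsers report as the string "null"; pass "null" as
  //    expectedOrigin only in that case, where check 1 carries the weight.
  if (event.origin !== expectedOrigin) return null;

  // 3. Treat the payload as untrusted data: check type and shape.
  const data = event.data;
  if (typeof data !== "object" || data === null) return null;
  if (data.type !== "forge:resize") return null; // hypothetical message type
  const h = data.height;
  if (typeof h !== "number" || !Number.isFinite(h) || h < 0) return null;

  return Math.min(Math.ceil(h), MAX_HEIGHT_PX);
}

// Browser wiring: apply only validated heights to the iframe element.
// Returns a function that removes the listener.
function attachResizeHandler(iframe, expectedOrigin) {
  const onMessage = (event) => {
    const height = validateResizeMessage(
      event, iframe.contentWindow, expectedOrigin);
    if (height !== null) iframe.style.height = height + "px";
  };
  window.addEventListener("message", onMessage);
  return () => window.removeEventListener("message", onMessage);
}
```

The same three checks apply in the other direction: code inside the frame that accepts messages from the parent should compare `event.source` to `window.parent` and `event.origin` to the expected embedding site.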

When to Use iFrame Embed

  • Embedding a form inside a production website
  • When isolation and security are required
  • When you want auto-resize without layout shifts

When Not to Use

  • If you only need a shareable link
  • If you need dev-only theme synchronization