I have a .jade view that contains this:
iframe(width='800', height='166', scrolling='no', frameborder='no', src= srcStr)
And I try to render it using an input source url from the user by doing this:
var string = req.body.code;
res.render('embedview', { srcStr: string});
Now, the rendered page will just show an iframe without any content, even though the iframe code looks correct (with a src="..." attribute) when I view its source. Almost seems like it first loads the iframe with src="" and then pastes the source url in without reloading.
It is not an issue with your jade markup or HTML markup generated. I got your snippet to work fine for me once I provided a url to a page that supports being iframed from a different domain.
www.google.com for example does not support this. You can see in the response below for curl -v http://www.google.com the header X-Frame-Options
< HTTP/1.1 200 OK
< Date: Wed, 22 Aug 2012 22:21:45 GMT
< Expires: -1
< Cache-Control: private, max-age=0
< Content-Type: text/html; charset=ISO-8859-1
...
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< Transfer-Encoding: chunked
You can turn this option off if you control the code for the page being served. This is a security measure to prevent click jacking. You can read more about it here https://developer.mozilla.org/en-US/docs/The_X-FRAME-OPTIONS_response_header