I am making a web based chatting platform where people can chat and also they can share files. If any hacker inject a malicious file then there is a risk my website maybe got hacked. I am just thinking about embedding the files shared by users from a different domain name with different hosting so the script will look like -
<iframe src="server-url.com?file=filename.ext" ></iframe >
And iframe src URL will response by
<html>
<head></head>
<body>
<img src="filename.ext" >
</body>
</html>
Is this technique prevent my website from getting hacked? If not, what is the best way to protect my website from malicious files?
Now it all depends on the site you are using the iframe attribute for. If the site is secure and has SSL (Referring to the 3rd party site you are iframing) then you should be good.
Now if you did want to make it secure, you could use the "Sandbox" attribute. I have a link below from W3 schools that explains more about it. Sandbox will usually block most content, but there are attribute values that allow you to make exceptions
For example, let's say your iframe chat uses scripts to function, you could do something like this
<iframe src="server-url.com?file=filename.ext sandbox="allow-scripts"></iframe >