before i used the following code in my facebook app it works. But recently, the chrome browser blocked my content and said it is unsafe code. By any chance anyone can help?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<body>

<center><IFRAME SRC="http://www.XX.com/index.html" WIDTH=660 HEIGHT=700 frameborder="0">

</IFRAME>


</body>
</html>

Could it be that you are referencing a domain in the iframe other than the one your page is hosted at? This violates the cross origin framing policy. This blog article may help shed some light on the issue for you.

Are you talking about an app within facebook.com (canvas/page tab app)? For those you have to load all of your content via HTTPS, when the user is surfing Facebook via HTTPS.

If your www.XX.com domain is accessible via HTTPS, then just change the iframe address to //www.XX.com/… – that’ll let the browser pick the appropriate protocol automatically.