Geek Answers Handbook

Location.href does not change iframe src

I need to check iframe src for changes from the parent page.

$('myiframe').attr('src');

works fine, but when I change the hash of the url via javascript from iframe

 location.href += '#hash';

I see that this has changed from an iframe checking location.href, but from the parent src document does not seem to change. Any help?

EDIT

Since the containing page and the iframe are in different domains, I have to check it with the src attribute, and I cannot access the iframe property location.href .

+4
source share
4 answers

the hash parameter is not in location.href, try

 location.hash = 'hash';
+3
source

I doubt that you can do this simply from parent javascript. Because then I can:

  • Create a page with a hidden iframe. (say http://mysite.com/fake )
  • In an iframe, open some intermediate page while logging into a website (something similar to https://accounts.google.com/redirlogin )
  • if a cookie for the child is present and there is not enough attention, the page in the frame will be redirected to the actual website with the user's login.
  • On the parent page, I can check all intermediate URLs that may contain some session identifiers.

NOTE. I did something similar on orkut days and that the "intermediate login page" is used to redirect to orkut. This was done for the autologue function that I wanted to implement. However, on the parent page, I could not get the information.

Notes:

  • I may be mistaken, but I believe that from a security point of view this will not be possible from pure source code. The child must inform the parents.
  • It can really work for intra-domain sites.
0
source

Cross-domain frames can set, but not read, each other. (Why? Well, reading places elsewhere will violate the same origin policy, potentially leaking confidential information that appears in the URLs. I'm not quite sure why their installation is allowed. Historically, sites have used the ability to navigate the parent page before framebust , but this is no longer true.)

So, if you are trying to use hash fragments for cross-domain frame communication (and for some reason you cannot use postMessage), then the way to do this is to have the internal frame change the hash fragment of its parent location using window.top.location.href . Then the parent page should check every time for changes in the hash fragment.

Here is the demo I found.

0
source

This snippet works for youtube clips, pdf files and html pages (if frames are not blocked by the target website)

The link will render the document "htp: // someurl" in an anonymous iframe in div id = "someID"

 `<a href="htp://someurl" onclick="renderLink('someID');return false;" title="Click to view external document">view external document</a>` `function renderLink() {` `if (!e) var e = window.event;` `var pdfsrc = e.srcElement.getAttribute('href');` `var $pdfdiv = document.getElementById('someID');` `var $pdfTarget = $pdfdiv.getElementsByTagName("iframe")[0];` `$pdfTarget.src = pdfsrc;` `}`
0
source

More articles:


All Articles