Javascript and the same source frames

Question

Javascript and the same source frames

Is it possible to read / edit the contents of an iframe (and not just properties such as src) using scripts located on the page, but outside this frame? I know that this is not possible if the source is from another site, since it will be a big hole in the heart, but I only ask if it works for other content from the same source.

+6

javascript iframe

hashc0de Apr 22 '10 at 10:31

source share

5 answers

kybernetikos · Answer 1 · 2010-08-05T20:15:35+0000

To add to the above, interaction with iframes loaded from the same domain:

The browser allows you to interact with frames (or frames) if the page that is trying to perform the interaction and the page you loaded have the same document.domain.

You can set document.domain to the suffix of the host from which you were loaded. for example, if you have a page downloaded from blog.fred.com and want to interact with any jsonservice.fred.com service, both pages will have to do

document.domain = 'fred.com';

before javascript from one will be able to interact with the other.

The browsers are smart enough that you cannot set your document.domain to ".com" if you are interested ...

James · Answer 2 · 2010-08-03T21:26:44+0000

Yes, you can do this if the location of the iframe and the parent page of the same host (same origin policy).

For the browser to allow you to do this, you can use

 document.domain = "example.com"

on the parent page and in the iframe. (note that subdomain.example.com and example.com are different)

Dom method for this (parent page in iframe):

 document.getElementById("myiframe").contentWindow.document.getElementById("divinframe").innerHTML = "I'm on the inside.";

document.getElementById("myiframe").contentWindow.someFunctionInsideIframe();

contentWindow is the answer and works in most, if not all modern browsers, of course, chrome, ie7 +, etc.

To go the other way (iframe to the parent page):

 top.document.getElementById("DivInTopParent")

oezi · Answer 3 · 2010-04-22T10:33:44+0000

if the iframe content is from the same domain that you can access using frames.myiframe.getElement...

Toby · Answer 4 · 2010-07-26T11:23:45+0000

The browser restricts access to iframe / parent content for content that does not belong to the same domain. For queries from the same domain, you can access the content through window.parent or through myiframe.document.getElementById

i-- · Answer 5 · 2016-01-06T17:26:18+0000

This is not exactly a client / javascript solution, but it helped me solve the problem.

You need to remove the X-Frame-Options header, if any, and send the following page for the iframe instead:

 Content-Security-Policy: frame-ancestors 'self' example.com *.example.com

and one more for IE:

 X-Content-Security-Policy: frame-ancestors 'self' example.com *.example.com

Javascript and the same source frames

More articles: