开发者

From an iframe whose src is an external domain, what methods are available via the "parent" object?

I'm aware of the cross-domain issue with iframes accessing the parent's DOM and vice-versa, however I found that the iframe can redirect it's parent to another location. Take a "parent" page for example:

<!-- http://www.domain1.com -->
<iframe id="some_iframe" src="http://www.domain2.com"></iframe>

And the embedded content:

<!-- http://www.domain2.com -->
<html>
  <head>
    <title>I'm embedded</title>
  </head>
  <body>
    <input type="button" onclick="parent.location = 'http://www.domain3.com';" value="Redirect my parent to another site" />
  </body>
</html>

If the button within the embedded content is clicked, the parent is successfully redirected to a third URL. Obviously the embedded content 开发者_JAVA百科within the iframe has access to setting it's parent's location. However if I try to call any other methods on parent (e.g., "parent.outerHeight") I get "Unsafe JavaScript attempt to access frame with URL http://www.domain1.com/ from frame with http://www.domain2.com/. Domains, protocols and ports must match." in my JS console.

I'm curious what other methods besides "location", if any, is the embedded content able to call on it's parent object. Is there a listing of these public functions? Thanks.


This question is slightly browser-specific. With HTML5, there's a sanctioned way of communicating call postmessage. Here's a link for your review.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜