开发者

Gathering location of an IFRAME

I am building a script/application (on client side and on proxy site too) that gathers information about elements from various web-sites.

One last thing that makes me troubles is gathering location of an IFRAME. Let me explain this in more details:

  • Invariant: Location of IFRAME is not 开发者_运维知识库changed via user interaction
  • Some web-pages uses SRC attribute to define location of new IFRAME - either defined via scripting or manually typed in the source - this is ok (no problem)
  • Other web-pages uses various techniques how to populate IFRAME dynamically and they do not use SRC attribute of IFRAME - this is ok if location of such IFRAME is inside the same domain, otherwise it is unsafe access to other domain

I will include one example of HTML code:

<html>
<body>
<a href="http://www.google.com" target="test_iframe">Click here to open an iframe.</a>
<br>
<iframe id="test_iframe" name="test_iframe"></iframe>
</body>
</html>

So if I try by JavaScript this below I will get an empty string.

document.getElementById("test_iframe").src

And if I try to use this below I will get a security error.

document.getElementById("test_iframe").conentDocument.location.href

So my question can be reduced to:

  • Are there any technique to gather location of such IFRAME which content is outside parent domain and that IFRAME is without SRC attribute?

Thank you very much for your answers :-)


This is called iframejailing. Its not possible to read or alter an iframe element in the page if its pointing to a different domain. Its an inbuilt security feature in browsers.

However, there are certain workarounds for this if the domains in questions can work together to create an iframe proxy (google to get more info), which i feel in this case is not applicable.

Respond back if you have more questions.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜