Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can you access an external iframe's contents via the DOM/Javascript?

I have a page thusly:

<html>
    <head></head>
    <body>
        <iframe src="local.html"></iframe>
        <iframe src="http://www.google.com"></iframe>
    </body>
</html>

I've used the DOM to access the first iframe as a test (node.documentWindow) but when I try similar on the external iframe Firebug reports that access is denied.

I suspect this is for XSS protection, but is there a "safe" way to import the node so I can grab an element from that external page? Is there a way to explore the "document as rendered" or something?

Thanks!

like image 860
Alex Mcp Avatar asked Dec 13 '22 23:12

Alex Mcp


1 Answers

Nope. Cross domain security prevents this. The only way around is if the surrounding page, and the iframe, are on different subdomains on the same domain. In that case, you can use document.domain.

This is pretty much a given. Imagine the security implications if this were not the case. You could build an iframe containing a user's home banking page, and grab their password using keydown, for example. There's tons of possibilities of misuse.

like image 157
Pekka Avatar answered Jan 31 '23 00:01

Pekka