I'm using iframe to load faroo.com as default src in frame when i search and move to other webpage using faroo.But still in the iframe src its display faroo.com only i wanted to capture url of page that has loaded in iframe
<!DOCTYPE html>
<html>
<head>
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.1.min.js"></script>
<script type="text/javascript">
$(function(){
$('#frameid').load(function(){
var z=$('#frameid').attr('src');
console.log('hi '+z);
});
$('#clicked').on('click', function(){
$('#frameid').attr('src', 'http://www.faroo.com/');
});
});
</script>
</head>
<body>
<iframe width="100%" height="500px" id="frameid" src="" name="iframe_a" ></iframe>
<p><input type="button" value="click me!" id="clicked"></p>
</body>
</html>
The o/p at console.log is always faroo.com not the current website that has loaded
To get current URL from an iframe with JavaScript, we can use the contentWindow. location. href property. Then we get the current URL of the iframe with the contentWindow.
setTimeout(function(){ if (//something shows iframe is loaded or has content) { //my code } else { $('#myIframe'). attr("src",""); //stop loading content } },5000);
If you're using JavaScript in the browser you can get the full current URL by using window. location. href .
An iFrame, also knowns as Inline Frame, is an element that loads another HTML element inside of a web page. They are commonly used to embed specific content like external ads, videos, tags, or other interactive elements into the page.
Seem likes there is a hack to make this work and I actually can't believe it's even allowed. This is how it seems to work:
1) Change the domain to match iframe:
document.domain = <iframe_domain>
2) Get the URL like so:
console.log($('iframe')[0].contentWindow.location.href)
In my opinion, this should not have worked, but it does. I tested with the following in Safari, Chrome and Firefox all latest version as of 02/01/2017:
Main: http://subdomain.website.com iframe: http://www.website.com
What do you think? Is this permanently allowed or is it an oversight that will be patched soon?
I started another thread for discussion here regarding browser security.
Isn't This A Serious Browser Security Issue? RE: Cross-Domain iframe Hack
Seems like this will always be supported for specific cases.
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With