Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

jQuery cross domain iframe scripting

I am trying to access the DOM of an iframe that loads an external URL. Of course that I get a "Permission denied for" error due to cross domain security. How can I make this work? I saw something done with json (but I can not get a json string from my external source) and something done with HTML5 postmessage.

you can see it live at : http://jsfiddle.net/QPBvJ/

The code is:

    $(document).ready(function(){
     $('#get').live('click', function() {

        var currentIFrame = $('#frameDemo');
        currentIFrame.contents().find("a").css("background-color","#BADA55");

        alert ("done")
    });
    });

<iframe src="http://api.jquery.com/" width="80%" height="600" id='frameDemo'></iframe>
<button id="get">Get</button>

What would the the easiest way to make this work. Thank you

like image 609
Mircea Avatar asked Jun 21 '10 08:06

Mircea


People also ask

How do I get cross domain iframe content?

To access cross-domain iframe, the best approach is to use Javascript's postMessage() method. This method provides a way to securely pass messages across domains.

Can I load an iframe from a different domain?

Iframe communication between different domains is blocked by web browsers for security reasons, thereby making it impossible for a parent page to access or alter content inside an externally hosted iframe without time-consuming workarounds.

Can you use jQuery in an iframe?

However, it's also possible to use a really simple jQuery to access the elements within the iFrame. Check it out below: $(document). ready(function(){ var iFrameDOM = $("iframe#frameID").


1 Answers

There is no way to make this work. Unless, the foreign domain you try to access supports a procedure like C.O.R.S, JSONP or postMessage.

There are a few exceptions (like always):

If you're dealing with a WebApp for instance, you can tell your users that they have to grant access to cross-domain-calls.

In Gecko/Firefox for instance, you can call

netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead')

which enables the browser to access foreign domains via ajax/iframes. In this scenario, an user has to set

signed.applets.codebase_principal_support

to true under about:config to make this work.

In the Internet Explorers of this world, there is a setting called something like allow cross-domain access deeply hidden in the security tab, which must be set to enable.

Chrome allows cross-domain calls with a commandline argument:

chrome.exe --disable-web-security
like image 111
jAndy Avatar answered Oct 09 '22 10:10

jAndy