Domain abc.com has a page with 2 iframes. Both of them are loaded from domain xyz.com. Will XSS security block JavaScript access/communication/interaction between those two iframes?
Communicating directly between iframes is also possible by combining window.parent with target as defined above. In conclusion, the postMessage method is a more dynamic alternative to the single DOM, better suited if you load multiple pages in one iframe, but not always easier and it still requires the use of the DOM.
iframe injection is a very common cross-site scripting attack. iframes use multiple tags to display HTML documents on web pages and redirect users to different web addresses. This behavior allows 3rd parties to inject malicious executables, viruses, or worms into your application and execute them on users' devices.
A cross domain inline frame (iframe) is a type of web technology that can be used to embed a small portion of one website within a larger "parent" page hosted on a different domain.
When a page is running inside of an iframe, the parent object is different than the window object. You can still access parent from within an iframe even though you can't access anything useful on it. This code will never cause an error even when crossing origins.
Well, it depends on what you mean by communicate. It seems some type of communication is possible. Here is an example: HTML on www.abc.com:
<iframe name="test1" src="http://www.xyz.com/frame1.html"></iframe>
<iframe name="test2" src="http://www.xyz.com/frame2.html"></iframe>
Because the iframes are named we can do this in frame2:
<a href="javascript:alert(document.body.innerHTML)" target="test1">click me</a>
So we click the link in frame 2, but the contents of frame 1 are displayed.
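The origin comparison behind the behaviour described above, together with a postMessage receiver that checks the sender, as an added example that is not part of the original question or answers. The URLs are the ones used on this page; the function names, the "greeting" message type and the sample events are assumptions made for illustration.

```javascript
// Added example. URLs are the ones used on this page; makeReceiver, the
// "greeting" message type and the sample events are assumptions.

// The same-origin policy compares scheme, host and port of the two
// documents. The origin of the embedding page plays no part.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// May a script running in the frame at fromUrl read the DOM of the
// frame at toUrl (for example via parent.frames)?
function canAccessSibling(fromUrl, toUrl) {
  return sameOrigin(fromUrl, toUrl);
}

// Receiver for window.addEventListener("message", ...): accept a message
// only from the expected origin, optionally only from one sender window,
// and only with the expected shape.
function makeReceiver(allowedOrigin, expectedSource, onMessage) {
  return function (event) {
    if (event.origin !== allowedOrigin) return false;
    if (expectedSource && event.source !== expectedSource) return false;
    const d = event.data;
    if (d === null || typeof d !== "object" || d.type !== "greeting") return false;
    onMessage(d);
    return true;
  };
}

// Constructed stand-ins for browser MessageEvent objects.
const frame2Window = {};
const received = [];
const receive = makeReceiver("http://www.xyz.com", frame2Window, (d) => received.push(d.text));
const results = [
  receive({ origin: "http://www.xyz.com", source: frame2Window, data: { type: "greeting", text: "hi" } }),
  receive({ origin: "http://www.abc.com", source: {}, data: { type: "greeting", text: "from parent" } }),
  receive({ origin: "http://www.xyz.com", source: {}, data: { type: "greeting", text: "other window" } }),
  receive({ origin: "http://www.xyz.com", source: frame2Window, data: "plain string" }),
];
console.log(canAccessSibling("http://www.xyz.com/frame1.html", "http://www.xyz.com/frame2.html"), results, received);
```

The two xyz.com frames share an origin, so the browser lets them script each other even though abc.com hosts the page; the receiver shows the check a frame should make before acting on a message from any other window.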