This question already has answers here:
Cannot modify content of iframe, what is wrong?
(3 answers)
Closed 2 years ago.
I would like to add an iframe to my webpage. The problem is that there are several malicious scripts and ads in the iframe. Is there a way to block certain scripts (like Adblock does) using HTML or JavaScript?
tl;dr: No
The sandbox attribute on the iframe element lets you apply some limits to what scripts can do (e.g. you can block popups) but it can't be used to block specific scripts.
All the techniques for blocking specific scripts have to be applied by the owner of the actual page the script is embedded in. If you trust the owner of the page you are putting in a frame, then they can do what they like (except interact with your page thanks to the same origin policy).
There is a proposal to allow a CSP to be applied to a frame from the parent document, but it doesn't seem to have been updated in half a decade so I'm assuming the idea has died on the vine.
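What the sandbox attribute can do for an untrusted frame, as an added example that is not part of the original answer: a helper that emits an `<iframe>` tag with an explicit allow-list of standard sandbox keywords. The function names, `app.example` and `widgets.example` are assumptions made for illustration.

```javascript
// Added example. The token names are the standard HTML sandbox keywords;
// sandboxedIframe/escapeAttr and the example hosts are hypothetical.
const SANDBOX_TOKENS = new Set([
  "allow-downloads", "allow-forms", "allow-modals", "allow-orientation-lock",
  "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox",
  "allow-presentation", "allow-same-origin", "allow-scripts",
  "allow-top-navigation", "allow-top-navigation-by-user-activation",
]);

function escapeAttr(value) {
  return String(value).replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// An empty allow list yields sandbox="", which turns every restriction on:
// no scripts, no popups, no forms, no modal dialogs, opaque origin.
function sandboxedIframe(src, allow, embedderOrigin) {
  const tokens = [...new Set(allow)];
  for (const t of tokens) {
    if (!SANDBOX_TOKENS.has(t)) throw new Error("unknown sandbox token: " + t);
  }
  const frameOrigin = new URL(src, embedderOrigin).origin;
  // Same-origin content that gets both tokens can reach the parent DOM and
  // remove its own sandbox attribute, so the sandbox would protect nothing.
  if (frameOrigin === embedderOrigin && tokens.includes("allow-scripts") &&
      tokens.includes("allow-same-origin")) {
    throw new Error("allow-scripts + allow-same-origin on same-origin content");
  }
  return `<iframe src="${escapeAttr(src)}" sandbox="${escapeAttr(tokens.join(" "))}"></iframe>`;
}

// Constructed sample: the framed page may run its scripts, but cannot open
// popups, show modal dialogs, submit forms or navigate the top window.
// The sandbox is all-or-nothing per capability: it cannot pick which of the
// framed page's scripts run.
const EMBEDDER = "https://app.example";
const widget = sandboxedIframe("https://widgets.example/feed", ["allow-scripts"], EMBEDDER);
console.log(widget);
```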
Related
This question already has answers here:
Warn user before leaving web page with unsaved changes
(17 answers)
Closed 3 years ago.
In my web application, I have a certain webpage that has an iframe inside of it with a certain source (can't tell which one, but I think (?) not really important for this question), but as soon as the webpage on my web application that contains the iframe in it is loaded, it throws a pop up which asks if I want to leave the page. I don't want this, I want to stay on the page with the iframe element inside of it.
The weird thing is, that when I for instance use http://example.org as the source (for testing), it shows the webpage normally without any pop up (and so did other pages I tested that contained HTML, CSS and most importantly JS).
What is it that causes this pop up? The pop up does not appear when I manually open the webpage that is included as the source of the iframe, in a browser.
You get that message if the page you're trying to leave has added a listener for the beforeunload event.
The "certain webpage" may have code that's redirecting itself. Maybe it checks whether it's in an iframe and does this, so it only happens when you try to load that page in your iframe, not when you load it normally. It's hard to be more specific without knowing what the webpage is and how it's written.
There are several rules for iframing any page or website in your webpage. If it is not Same-origin it will allow you to iframe that website, if it is on different origin it will not allow you to iframe that webpage. For more information refer to this link https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Origin_inheritance_rules
This question already has answers here:
How can we open a link in private browsing mode
(2 answers)
Closed 8 years ago.
Is there a way, via JavaScript or other code, to open a URL in a private/incognito window from an HTML page? Ideally cross-browser or at the very least IE and Firefox.
The anticipated behaviour would be along the lines of
Link
The simplified reason for this is because admins want to be able to log in as users to preview various pages, but without logging themselves out. Whilst there are various other ways around this issue, this would be the simplest (assuming it is possible).
We can't force the visitor to view the page in an incognito/private window. Browsers provide no API that would make that possible outside of an extension.
This question already has an answer here:
Difference between background script and content script in chrome extension
(1 answer)
Closed 8 years ago.
I want to create an extension that reads all the colors of a site and change all the colors accordingly, if you click on the button.
Where should I write this code?
In a content script or in a background script?
What is actually the difference between the two?
Read the well-written Overview at the documentation. This should answer a lot of your questions.
In short, content scripts execute in an isolated context of a webpage, having access to its DOM, but have very limited Chrome API access.
A background script is usually used for central handling of tasks, while content scripts act as intermediaries between it and pages you want to interact with.
As for your situation:
You need to have a background script to listen to the button click event.
You need to have a content script to interact with a page.
So, you need both, and the background script can message the content script to do its magic.
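The split described in this answer, as an added example that is not part of the original answer: the background script hears the toolbar click and messages the content script, which alone touches the page DOM. The `chrome` object is passed in as a parameter so both halves can be exercised outside a browser; the message type `invert-colors` and all function names are assumptions, and `chrome.action.onClicked` assumes a Manifest V3 extension with no popup configured.

```javascript
// Added example; in a real extension the two register functions live in
// separate files (background script and content script).

// Pure helper for the content script: invert one computed CSS colour.
function invertRgb(css) {
  const m = /^rgba?\((\d+),\s*(\d+),\s*(\d+)(?:,\s*([\d.]+))?\)$/.exec(css);
  if (!m) return css; // keywords, gradients etc. are left untouched
  const [r, g, b] = m.slice(1, 4).map((n) => 255 - Number(n));
  return m[4] === undefined
    ? `rgb(${r}, ${g}, ${b})`
    : `rgba(${r}, ${g}, ${b}, ${m[4]})`;
}

// Background script: full extension API access, no access to the page DOM.
// It only forwards the button click to the tab that was active.
function registerBackground(chromeApi) {
  chromeApi.action.onClicked.addListener((tab) => {
    chromeApi.tabs.sendMessage(tab.id, { type: "invert-colors" });
  });
}

// Content script: runs in an isolated world next to the page, can read and
// change the DOM, but has only a small part of the extension API.
function registerContent(chromeApi, doc, view) {
  chromeApi.runtime.onMessage.addListener((msg) => {
    if (!msg || msg.type !== "invert-colors") return; // ignore other messages
    for (const el of doc.querySelectorAll("*")) {
      const cs = view.getComputedStyle(el);
      el.style.color = invertRgb(cs.color);
      el.style.backgroundColor = invertRgb(cs.backgroundColor);
    }
  });
}

// background script file:  registerBackground(chrome);
// content script file:     registerContent(chrome, document, window);
```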
This question already has answers here:
How can I access the contents of an iframe with JavaScript/jQuery?
(15 answers)
Closed 5 years ago.
I've got a website which has an iFrame in it. The iFrame is linked to an external page. I want to remove some elements in the external website (the website has HTML coding) using JavaScript (other methods OK too) WITHOUT anyone clicking on any "remove" buttons or doing anything, so it should AUTOMATICALLY remove that element when my webpage and the iframe load, so that no one can see it.
For example, I want to remove a website's logo and some contents. I've tried lots of methods but they don't work in iFrame.
Unfortunately, you cannot access elements in an iframe if the iframe is linked to an external site; there is no workaround using JavaScript.
This question already has answers here:
Disabling browser print options (headers, footers, margins) from page?
(9 answers)
Closed 8 years ago.
I want to print a web page from IE without the header and footer that IE generates by default (in the footer there is the URL). Important: this should be done by JavaScript or VBScript code and NOT the print settings for your web browser.
Thank you in advance, best regards.
If you're talking about the header and footer generated by the browser (i.e. page numbers, URL, etc.), then you cannot do it. These elements are generated outside the scope of the web page - and you have no control over them. They are part of user's configuration of their system and can only be manipulated by the user.