I have two websites. Domain.com and DomainTwo.com
Domain.com hosts all of the content and DomainTwo.com mirrors that content using a simple iFrame.
What I'd like to do is make it so if I link to "DomainTwo.com/folder/samplefile.jpg", the iFrame matches the URL and creates an iFrame for Domain.com/folder/sampelfile.jpg.
In other words, you wouldn't be able to tell DomainTwo.com is actually iframing anything unless you viewed the source code of the page.
Thank you!
Have you tried plopping the URI in your iframe src?
<iframe src ="http://Domain.com<?=$_SERVER['REQUEST_URI']?>">
in javascript it would be something like:
document.getElementsByTagName("iframe")[0].src = "http://domain.com" + location.pathname;
Of course clinking inside the iframe will not update the url. You'd probably be better of using wildcard domain, domain mapping, or whatever that's called.
Related
Please guide me. Is possible to read script tag src URL content using JavaScript/jQuery. Please don't suggest JSON/Ajax/iframe options.
I have tried like
<script src="http://www.test.com" id="test">
document.getElementById('test').src
but it give only src URL.
My Exact requirements is,
I have two application, each in different web server with www.siteA.com and www.siteB.com.
In Server2, I have cross origin and iframe restriction to access the application. Example: If a request is coming from server1(siteA) to server2(siteB) via Ajax or iframe, it's restricted to access the siteB page content. But If I load siteB in script tag it's loaded, but I'm not able to get the content.
So I mentioned above, don't suggest iframe and Ajax. Help me to achieve this.
The best way really is AJAX, but it does sound like CORS is an issue for you. The only other option I can think of would be to open the page in a new browser window, although I don't know what kind of user experience implications that will have on your application.
You can open a new browser window by:
function showContent(){
var url = document.getElementById("test").src;
window.open(url, "_blank");
}
Although if you take this route, you shouldn't put the url on a script tag, because the browser will download it once (via the script tag), and then a second time on the window.open.
I want to redirect to another website outside of my domain, such as this:
<img src="http://url.to.file.which/not.exist" onerror=window.open("www.google.com","xss",'height=500,width=500');>
I put the above code into a simple html file. However, it keeps appending the file path before "www.google.com" when the pop up show up. Is there a way to remove?
You missed the protocol - http(s):// - before the domain
<img src="http://url.to.file.which/not.exist" onerror=window.open("https://www.google.com","xss",'height=500,width=500');>
Use the full URL: window.open("http://www.google.com"...
To use an absolute url you need to specify the protocol. In your case you want http://.
So just change www.google.com to http://www.google.com
So I have an Iframe in which I hawe opened a html document with header and body. I have html string that I wish to use to replace original Iframes html body. How to do such thing?
I believe that something to this affect will do the trick if the iframe is being served from the same domain as the page itself*.
var html_string = "<p>hello world</p>";
$('#iFrame').contents().find('#id_to_replace').html(html_string);
*If it's not, then you are hosed as the browser will prevent access to an iframe of a different domain for security reasons. Though you could also consider piping the content you need in the iframe through your own server and displaying it that way, which would then allow your javascript access to the iframe content, although it's certainly not the most efficient.
Assuming that the JavaScript is in the document that contains the iFrame, something along these lines may work:
getElementById(yourIFrameId).document.body.innerHTML = "Your HTML String";
How can I get the contentWindow.location of the iframe where the iframe src contain different domain name?
I have googled about this, but I found something like proxt, so how can I get the location of the window inside iframe where iframe src is not on the same domain?
Browser-side XSS rules prevent the access and display external URLs in contentWindow.location. You can't do this.
Is there any way instead of a JS hack where I can post from an iframe to another page outside the iframe?
the iframe is posting data to a 3rd party and then just responding back with a URL which is the redirection URl thus we cannot set the form target. We are PCI compliant and thus we cannot use window.parent.location = url;
What it boils down to, it seems, is this:
1. You get a text url from a 3rd party in the iframe.
2. You want to change your page's location to that url.
3. Unless you have control over that 3rd party, all you are going to get is that text url.
Now, the only way to change your page's location automatically is with window.parent.location (or window.location.)
If changing the url of the page with javascript is not PCI compliant then you're trying to do something that is not PCI complicant.
<form> accepts a target parameter, e.g. target="_parent"
In an anchor tag you can set target='_parent' this will cause the url to be loaded into the parent window.
No, the only way is by using javascript. But it's not really a hack to use window.parent.location = url;