Disable script execution within iframe - javascript

I have a iframe which contains html.
But when the html contains scripts, the iframe executes it.
Is there a way to prevent it?

just enable sandbox is simple way to start with.
<iframe src="http://www.cnn.com" width="600" height="600" sandbox=""></iframe>
http://www.w3schools.com/tags/att_iframe_sandbox.asp

Related

Loading percentage of iframe

How to show loading percentage of iframe tag with javascript? I am using iframe tag and my program takes some time to load my program. So I am thinking off to show the user how much it is being loaded yet now. I searched about it and I got to know that it's not possible to do it with HTML5, so I guess it can be done with js
EDIT:
<iframe width="800" height="600" src="https://www.greenfoot.org/scenarios/26460?embed=true" style="-webkit-transform:scale(0.4);"></iframe>

Activate Autoplay based on allow="autoplay" attribute in iframe - Google Autoplay Policy

I really tried to find an answer but couldn't.
Google have changed their Autoplay Policy .
I am loading an iframe with Src to independent code, like this:
<iframe frameBorder="0" scrolling="no" allow="autoplay"
src="myurl"
width="640" height="480">
</iframe>
myurl is a path the a video player.
I want to check if 'allow="autoplay"' was passed as iframe attribute where the player code is, and the decide if to set auto play or not.
Note, that the site where the iframe is loaded is a different site' with different code and it even sites on a different server then the myurl site.
How can I do it?
It can not been done.
You need to use a promises to check if the auto play succeeded.
I used googles way of doing it.
Hope it will saves some time to someone :)

Cross Browser Automatically Click Link On Page Load with Javascript

I have a simple html page with an iframe image link. After the page loads I want the link to be clicked automatically. I need the link to be clicked instead of doing a meta refresh so thats out of the question. I searched around and It seems like FireFox does not support any methods to do so...There has to be a cross browser solution. Here is what I have so far but it wont work...why?
<script type="text/javascript">
window.onload=functionName;
$(document).ready(function(){
$('#clicked').trigger('click')
});
</script>
<div id="clicked">
<iframe src="http://mysource.com" width="40" height="10" scrolling="no" border="0" marginwidth="0" style="border:none;" frameborder="0"></iframe>
</div>
Add # before the id value
$('clicked').trigger('click');
to
$('#clicked').trigger('click')
If the iframe is on your domain then you can access its contents via jquery selectors.
Otherwise you're out of luck - blocking cross domain iframe interactions is a feature of same-origin policy that exists to protect users.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#Scripting

document.location.href got javascript:window["contents"]

The return value of document.location.href will become javascript:window["contents"] sometimes.
When it will happened? how to avoid it?
I found out
The code is placed in an iframe without src url.
<iframe id="google_ads_iframe_/21202031/LTN-000-03-HOME-120X600-DISPLAY_0" name="google_ads_iframe_/21202031/LTN-000-03-HOME-120X600-DISPLAY_0" width="120" height="600" scrolling="no" marginwidth="0" marginheight="0" frameborder="0" src="javascript:"<html><body style='background:transparent'></body></html>"" style="border: 0px; vertical-align: bottom;"></iframe>
As you already have suspected, this indeed has to do with (I)Frames and more specifically, the way some scripts/libraries work with those frames.
It is a technique to avoid a ReferenceError (in IE) in some cases when loading an external javascript (that is loaded asynchronous) which holds/provides variables/objects that are used in the frame's inline-script-source.
To quote the most relevant part from an article called 'inject content into a new iframe' :
Instead of using document.open/write/close we use the following
approach:
iframe.contentWindow.contents = content;
iframe.src = 'javascript:window["contents"]';
First, we assign the dynamic content to a variable on the iframe’s
window object. Then we invoke it via the javascript: scheme. This not
only renders the HTML properly, but loads and executes the scripts in
the desired order.
This is also in-line with a similar answer on SO.
Hope this helps!
For me I have 3 tabs that open with Internet Explorer ... Yahoo, MSN and my email account. Went to "tools" >Internet Options and removed Yahoo, okay and closed. After I verified that I no longer got the java script error tab I reinstalled Yahoo and that solved the problem.

How to access frames within a frame?

<iframe name="aa">
<iframe name="bb">
</iframe>
<iframe name="cc">
</iframe>
</iframe>
(assume that iframes shown above have all the required attributes.)
Can I get subframes of frame with name="aa" in native javascript?Browser renders them all, no problem.
I was trying frame.frames to get the array of inner frames, where frame is frame object for outer frame i.e, "aa". But it is not working.
Is it even possible ?
Any help ???
Many thanks.
You can do this, however as each iframe is technically loading another page, you would have to code it into the actual webpage that your first iframe is loading.
To further explain...
<iframe name"aa"></iframe> <!-- this is coded into the first page calling the page below //-->
<iframe name="bb"></iframe> <!-- coded into the second page calling another page //-->
<iframe name="cc"></iframe> <!-- coded into the second page calling anothe page //-->
Remember, iframes are just "windows" into other pages.

Categories