I have an invisible iframe that is talking to an atmosphere comet broadcaster. It works fine on most of the computers in the office.
On one computer in the entire building it breaks. The problem seems to be that there is an iframe that somehow gets inserted on that machine:
<iframe style="position: absolute; width: 5em; height: 10em; top: -10000px;" src="javascript:'
<html>
<head>
<script>if("loadFirebugConsole" in window){window.loadFirebugConsole();}
</script>
</head>
<body>
</body>
</html>'">
</iframe>
(note that most of this html is actually within the src for the opening iframe tag).
That iframe blinks in and out of existence, and when it does it clobbers my iframe that's handling the comet service.
I assume that this has something to do with firebug tools having been installed, but it happens on chrome as well as on firefox.
Has anybody else come across a this behavior?
The site uses Dojo, and it turns out that, in at least some cases, dojo inserts that iframe if you create an iframe and have firebug installed on the computer.
Related
I'm working on a little project, and have attempted to "embed" (or otherwise) the mChat plugin from phpBB into the entirety of my website. After trying and failing to get the chat onto an external PHP page that I could simply include into my index, I settled for an iFrame with the following properties. The page mchat is hosted locally and is a page with my forums background, and the mchat module on it, afaik everything is served with https using letsencrypt (I don't receive any SSL errors anyway)...
<div id="mchatdiv">
<iframe scrolling="no" id="mchatframe" src="/path/to/forum/app.php/mchat">
</iframe>
</div>
CSS
#mchatdiv {box-sizing: border-box; border: 1px solid rgb(5, 180, 1); overflow: hidden; max-width: 100%;}
#mchatframe {transform: scale(1.052); border: 0px none; margin-top: -80px; margin-bottom: -125px; width: 100%; height: 500px;}
It took a long long time of modifying the mchat_body.html file, and modifying the iFrame CSS to get it right, but now it sits in my page "perfectly" on Firefox, Chrome and IE11.
Here's the issue, I started researching how to include a "Chat loading" section into the div while the frame is loading, and found a lot of scary pages about iFrames, and the vulnerabilities they open you up to, and how they should never used. I then tried to find everything I could about iFrames. And no matter where you look, there doesn't seem to be anything concrete.
Here on stackoverflow alone, you can find multiple examples of top-rated answers ranging from "if the content of the iFrame is locally hosted then you're not any more or less secure than you would be" to "iframes always increase your risks of XSS(?) attacks and..."
I'm sorry if it's not as simple a question as it seems to me, but am I opening my site up to any more vulnerabilities by using an iframe sourced to locally-hosted content? And if yes, can somebody please explain to me how so, and how I should go about retrieving this content for use on my page instead? I looked into jquery, but am hesitant to include the library for 'one task' - Is javascript capable of somehow doing the task more securely than an iFrame?
Thank you all very much for your time.
I am attempting to make my website use TLS / https. This problem occurs only on the https version and not the older http version of the website.
I have a link on my website which when clicked reveals an iframe on top of the rest of the website content.
The link looks like this:
Speed Check
It reveals this div (slightly modified to remove my actual URL)
<div id="speedtestmodal" class="reveal-modal tiny open" data-reveal="" role="dialog" style="display: block; opacity: 1; visibility: visible; top: 1130px;" area-hidden="true">
<iframe width="620" height="420" style="visibility:;" id="example" src="https://page.domain.com" scrolling="no" frameborder="0"></iframe>
</div>
This works and the iframe and expected content is visible, the problem I have is that the page in the iframe contains a text box which the user should fill in. This behaves as expected in Firefox but in Chrome or IE attempting to click into the text box closes the entire Iframe.
The website is beta.domain.com and the iframe is page.domain.com so I thought the problem may be related to cross domain JS calls, to try and get around this I added the following to the head on both websites (as described at http://madskristensen.net/post/iframe-cross-domain-javascript-calls):
<script type="text/javascript">
document.domain ='domain.com';
</script>
But it has made no difference. Is there something that I'm missing here?
Is there any more information that I can provide to help debug this?
It turned out the problem was CSS related and it was only working in firefox due to a bug in the browser.
The Z-index value of the modal was causing it to be hidden behind another semi-transparent modal which is part of a separate function of the website.
I'm trying to get the user permission dialog to pop up for navigator.getUserMedia, which is called on an external page in an iframe. Currently the sample will show "Permission denied" without ever having presented a dialog to the user.
This is a universal Windows app written in javascript. The webcam has been added to the capabilities.
I've tried finding something similar to the geolocation function below. But I could not find anything for the webcam.
Windows.Devices.Geolocation.Geolocator.requestAccessAsync
The code is very simple. It is an x-ms-webview that links to a webRTC sample.
index.html
<html>
<head>
</head>
<body>
<x-ms-webview style="left: 0px; top: 0px; width: 100%; height: 100%; position: absolute;" src="https://webrtc.github.io/samples/src/content/getusermedia/gum/"></x-ms-webview>
</body>
</html>
The question has been answered here:
https://social.msdn.microsoft.com/Forums/office/en-US/16e166d6-fd64-47cf-9e57-560c0d82b6df/how-to-resolve-a-permissiondeniederror-using-webrtc-in-xmswebview?forum=wpdevelop
You could also use PermissionRequested event to enable the webrtc feature that requires webcam capability. If you use a permission dialog, use WebViewPermissionRequest.Defer to create a WebViewDeferredPermissionRequest which can be used after user input. For more information, please refer to the following links.
https://msdn.microsoft.com/en-us/windows/uwp/controls-and-patterns/web-view
https://github.com/Microsoft/Windows-universal-samples/tree/master/Samples/WebView
document.getElementById("webview").addEventListener("MSWebViewPermissionRequested", managePermissionRequest)
function managePermissionRequest(e) {
if (e.permissionRequest.type == "media") {
e.permissionRequest.allow();
}
}
I dont work with x-ms-webview and dont like it, I was worked with HTA many years ago ....
But this must inherit from window/iframe and it maybe have allow properties:
<!--Allow camera and microphone access within the context of this iframe-->
<iframe src="https://example.com" allow="camera *;microphone *"></iframe>
Because we have same default problem for iframes, by default they has no allow to getusermedia and u must set allow properties for them to work with usermedia...
I'm trying to figure out why my images aren't displaying properly within my iframe. Every browser works fine with the exception of Firefox and Safari. I can still click the links within the iframe and open up the corresponding page, but the images just won't display. I am using the instansive instagram widget as my iframe content (instansive.com). Their code looks like this - >
<!-- INSTANSIVE WIDGET --><script src="//instansive.com/widget/js/instansive.js"></script><iframe src="//instansive.com/widgets/427ad0d8ae95cfc36f19bb10c960dbf03bbef870.html" id="instansive_427ad0d8ae" name="instansive_427ad0d8ae" scrolling="no" allowtransparency="true" class="instansive-widget" style="width: 100%; border: 0; overflow: hidden;"></iframe>
I'm not sure as to what I am doing wrong, or why it isn't displaying correctly with these two particular browsers.
There is nothing to do with iframe. Try giving the image path as /test/image.jpg instead of full path. This may work
I am using a login page from a separate website inside of an Iframe, so that the URL displays my site, and not the site within the Iframe. Users are able to login with Chrome and Firefox, but they are not able to login to Internet Explorer, unless I remove the iframe, and the user is forwarded to the other site directly. Is there any way for me to allow the user to use iframe with IE, so what they may login?
<html>
<body>
<iframe id="abc" frameBorder="0" style="margin-top:-14px;margin-left:-14px;margin-bottom:-14px;width:105%; height:110%; !important;padding: 0; border: 0; outline: 0;" src="https://test410.managebuilding.com/Manager/PublicPages/Login.aspx">
</iframe>
</body>
</html>
I don't think IE 11 will remember cookies set inside of the iframe, at least if it's on a different domain. You'll either need to navigate to the site directly or use a popup window.
At the time of this writing, IE 11 and Edge in Windows 10 seemed to handle this differently, so you'll want to test there too. It seems to me that Edge and Win10 IE (sometimes?) treat the iframe as its own browser session for cookie purposes.
<html>
<body>
<iframe id="abc" frameBorder="0" style="margin-top:-14px;margin-left:-14px;margin-bottom:-14px;width:105%; height:110% !important;padding: 0; border: 0; outline: 0;" src="https://test410.managebuilding.com/Manager/PublicPages/Login.aspx">
</iframe>
</body>
</html>
make height:110%; !important; to height:110% !important; because there was the syntax error showing on that line and the iframe is showing the internet explorer