I am trying to click a link on another page(I do not have access to that page) which loads a JS function.
So can I call that function from my page thru a href="" or thru onClick=""
You can't call a function remotely from another page. Besides, you already left your page by then.
Unless...
that other page is somehow loaded to your page (AJAX+CORS or AJAX+proxy server maybe) and it's contents parsed on your page.
that other page has some logic that reads hashtags or query strings and executes corresponding functions. This could work inter-domain via iframes, as you are indirectly controlling the iframe via it's hash/query string.
that other page could be loaded via iframes. iframes would work if "I do not have access to that page" meant that you just don't have access on the current subdomain but both live on the same top domain.
Subdomain iframe communications can work. Pages on example.com and subdomain.example.com can talk to each other but example1.com and example2.com can't talk to each other because both live on different domains. See the other answer regarding the Same Origin Policy.
If it's on a different domain and you can't change its content, then you can't do it due to the same origin policy. Sorry. You'll have to find a different way to achieve whatever you're trying to do.
Related
I'm getting very confused reading all the examples about how to use window.postMessage() with iframes because they all involve one page being notified of activity, like clicks, happening in the other. Or else they only output some text to the console. I just want to get the original iframe embedding working, nothing else.
I have a page at https://subdomain.example.com/page1/ that contains an iframe like this:
<iframe src="https://example.com/page2/" name="myIframe"></iframe>
Obviously this doesn't work because the origins are different. How do I make it work using postMessage()? Once the iframe has loaded the pages don't need to communicate or know anything about each other.
I fear that the answer will be "Impossible due to browser security policy" but I really need to accomplish the following:
The problem I have is that the content to be embedded in my web page includes some menu items that I need to remove/hide because they trigger operations that I need to prevent. I cannot find a way to address these DOM nodes to hide them.
I have a web page and need to embed a URL from another domain into my web page. I have tried this with and also by using Ajax to fetch the URL contents and insert them into the DOM of my web page. These two methods have different results.
If I use to embed the page from the "foreign" domain I can see the "foreign" domain's content and I can address the node but all attempts to access the nodes underneath return null. There is no error message (in Firefox) but I suspect that I am getting null because the browser is enforcing the same-domain policy.
On the other hand, if I use Ajax to insert the page content into my web page I don't even see the content and in this case there is a CORS error in the Firefox debugger console.
Since I don't control the "foreign" domain I can't modify it to use the window.postMessage(); technique.
Can anyone suggest a way for me to be able to hide menu items that are in content fetched from a "foreign" domain? (Gotta be a way, gotta be a way, ...)
Thank you.
I created an iframe in Domain A and used that iframe in my other domain, Domain B by calling it via AJAX. I also implemented a javascript back button for my app in the iframe in Domain A using history.go(-1).
When I view my page now using IE,Firefox, Chrome everything works perfectly but the javascript back button doesnt work for Safari. It seems like it calls the window instead of the iframe.
I created a hidden iframe (thought it was a cross domain issue) and had no luck. Afterwards, I created a home button in my frame which took me to the orignial url source my back button started to work in Domain B (prob iframe source has changed).
What is the problem? Any ideas?
The way i have implemented something like this in the past is:
domain A creates a hidden iframe that opens a page on domain B.
domain B gathers information it needs to send back and then redirects to specially prepared page back on domain A. using GET data to send it's result.
The page back in domain A will uses the GET parameter to creates a javascript block to push the message to the original page (using window.parent or window.top)
This method of course assumes you get to manipulate client implementation on both ends and server implementation on the side of Domain B.
Is there any way to run a bookmarklet on an iFrame which is from a different domain?
For example, I have a page loaded from http://example.com, which has an iFrame whose source is set to http://example2.com. When I run the bookmarklet, it is always run on http://example.com, since that is the main page. I want to run it on the other iFrame though.
When I attempt to interact with the iFrame (e.g. by changing its source attribute to javascript:alert('test')), Chrome shows the following error:
Unsafe JavaScript attempt to access frame with URL http://example.com from frame with URL http://example2.com. Domains, protocols and ports must match.
I tried dragging and dropping the bookmarklet into the frame, but it says:
Failed to load resource
Is there any way for me to interact with an iFrame using a bookmarklet in Chrome?
There is a way to do cross-domain message-passing (not arbitrary code execution) using window.postMessage, yet all a frame A can do to frame B (when they are not of the same origin) is passing it a message hoping that B has a callback function listening for this message.
So here if you control exemple2.com (what's in the frame that don't get the bookmarklet), you can make the bookmarklet pass a message to the iframe and handle it in the iframe.
Else I don't think you have a solution here, except very complicated ones (like proxying).
Other links:
In-depth article about same origin policy and its implementations in browsers
A cross-browser, backward compatible postMessage attempt (as jQuery plugin)
iFrames have alot of security on them as do ajax calls.
Any attempt to use these in a cross-domain manner will result in a security error.
Imagine you were able to interact with other iFrames on different domains. You would be able to make an iFrame (like facebook login's page) that had width and height of 100% and add a function to execute on a submit event which would email you the username and pass before submitting.
So you're gonna have a lot of trouble accomplishing what you're trying to do. You basically can't mess with a page that you don't own. You can use firebug to edit it with the html tab though.
Hope that helps
One option if you are not in control of the page or the iframe is to load the iframe into a new window. The src attribute of the iframe is available to read by the parent JS, which can then open a new tab or window. The user can then click on the bookmarklet a second time to load it into this new page.
What methods are available to monitor the status of IFRAME page, I know there are security limits but I hope some small notification system is still possible.
My situation is that I have created a parent page that is located on customer's server, and this page has has iframe page located on my server (my domain). I need to somehow communicate a little between these two:
Can I make javascript to the parent page that can check if my iframe page has a specific string on it, or somehow make iframe page to notify the parent page?
Is there e.g. any possibility to make a timer that checks iframe content time to time?
I also accept answer how mydomain/client.page calls callback on customerdomain.intranet.com/parentpage.htm that has client on iframe
You need to use cross site JavaScript techniques to be able to do this. Here is an example.
Put another file into your server, call it helper.html, include it to your file served by customers server using an iframe. Set the src of the helper.html iframe with adding get parameters, ie. http:/myserver.com/helper.html?param1=a¶m2=b, in the helper file use javascript to call method on parent's parent ( parent.parent.messageFromIframe(params) ). Which is the page on your server itself. Since helper and the container page are on the same domain it should work. The technique is popular, for instance Facebook was using it for their Javascript api.
I got information that this is possible by setting parent.location (from iframe) to have hash data like this "mydomain.com/mypage#mymessage"
By default, security restrictions in the browser will prevent access from/to the document in the iframe if it is in a different domain to the parent page. This is, of course, just as it should be.
I believe this would prevent even checking the current location of the iframe, but that's easily testable. If it's accessible, then you could poll the iframe for its location, and whenever the page in the iframe updates, have it append a random querystring parameter. Comparison of that parameter to the value from the previous poll would tell you if it's changed.
However, as I say, I suspect it's not possible.
Edit: This question suggests it is only possible for the initial src attribute: How do I get the current location of an iframe?