access iframe links - javascript

I have a website, that has google ads, to display its ads. I want to keep track of the url's that are being displayed every time a visitor visits the page.
I have tried using twill, BeautifulSoup, nodejs jsdom, but the page returned excludes the google ads links and returns just the page.
how can I do this, for example, if I inspect the element with google chrome or firefox, I can view the links, but from the command line, I am not aware if this is possible?

You can't, for cross-domain security reasons. Sorry.

Related

Does anyone have a creative solution that allows me to hide menu items from a web page embedded in my web page?

I fear that the answer will be "Impossible due to browser security policy" but I really need to accomplish the following:
The problem I have is that the content to be embedded in my web page includes some menu items that I need to remove/hide because they trigger operations that I need to prevent. I cannot find a way to address these DOM nodes to hide them.
I have a web page and need to embed a URL from another domain into my web page. I have tried this with and also by using Ajax to fetch the URL contents and insert them into the DOM of my web page. These two methods have different results.
If I use to embed the page from the "foreign" domain I can see the "foreign" domain's content and I can address the node but all attempts to access the nodes underneath return null. There is no error message (in Firefox) but I suspect that I am getting null because the browser is enforcing the same-domain policy.
On the other hand, if I use Ajax to insert the page content into my web page I don't even see the content and in this case there is a CORS error in the Firefox debugger console.
Since I don't control the "foreign" domain I can't modify it to use the window.postMessage(); technique.
Can anyone suggest a way for me to be able to hide menu items that are in content fetched from a "foreign" domain? (Gotta be a way, gotta be a way, ...)
Thank you.

Can a Chrome extension act as a web app in place of a website?

I'm trying to develop a Chrome extension that is supposed to completely replace a specific website's pages with a new UI. In other words, when the user visits said website, the extension should "intercept" it seamlessly and display the new "app" (preserving the URL and without opening a new tab or window). I currently use a content script to manipulate the DOM, but it's too messy.
Chrome apps such as Google Docs achieve the same goal through URL handlers, but they're not an option since they're now deprecated.
Currently, I'm aware of two options:
Intercept the URL and redirect it to an extension URL. I want the URL to be preserved.
Use a content script to stop the page from loading at document_start (using window.stop()) and then "inject" the new app. Apparently, that works, but it sounds quite hacky and prone to unexpected glitches.
What I'd like to know:
Is the second approach good enough? What limitations and other issues will I face if I use it?
Is there any other approach that is at least as good (and preferably designed for this purpose)?
You can't open a chrome app in a tab, only in a window. I don't think they have content scripts either.
Also, chrome apps are now only available on chrome os when you publish it for the first time (existing chrome apps work for any os).
To solve your question, you could use an extension with content scripts and just open up an iframe fullscreen so the url is preserved in the omnibox and it could have the page you want in the iframe as the page that would be in the app.
Content handlers are meant for opening a special protocol url to do something like send an email, etc. Examples would be like tel://, sms://, mailto:, etc.
So you would not want this. Also they aren't that noticable when approving to handle the protocol.

How Can You Embed An iframe IN A Google Search Result Page

For whatever reason, that's not important, i'm trying to combine google shopping with another page via an iframe.
I've tried the approach proposed here, consisting of embedding a google custom search query in an iframe, but google custom search does not allow access to the shopping tab.
I figured, if you can't embed Google, embed yourself in it. So I proceeded to inject some jQuery in the page
var jq = document.createElement('script');
jq.src = "https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js";
document.getElementsByTagName('head')[0].appendChild(jq);
// ... give time for script to load, then type.
jQuery.noConflict();
clean up the google shopping search results page to what I needed, namely the html inside the div#search
jQuery(function($) {$('#search').show().parentsUntil('body').andSelf().siblings().hide();});
Create an iframe and inject it:
var iframe = document.createElement('iframe')
iframe.src="http://example.com"
iframe.width="100%";
iframe.height="500";
iframe.style="visibility:visible";
document.body.appendChild(iframe)
Only problem is the iframe doesn't load the contents of the page and in turn is blank. If you try the above snippet in any other page, it works. It seems like Google is blocking the iframe from loading. How can I get around that?
Google seems not to work using an iframe... Even if you are not using JS.
What you should use instead is the Google Custom Search API, wich allows you to create a custom search engine.
You just have to enter an example website, change the Option to Search all the web. and remove your entered website again.
To create a custom Search engine you'll need a google account.
Start here.
When I run that code, the following error is reported in my console:
VM259:7 Mixed Content: The page at 'https://www.google.co.uk/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure resource 'http://example.com/'. This request has been blocked; the content must be served over HTTPS.
Changing it to an HTTPS URL:
var iframe = document.createElement('iframe')
iframe.src="https://example.com"
iframe.width="100%";
iframe.height="500";
iframe.style="visibility:visible";
document.body.appendChild(iframe)
… makes it work fine (albeit it tucked behind the logo):
Tnx for #Quentins comment.
UPD:
Embedding code to google website:
In general you can't embed code for page that you don't own.
if user opens your website and open another tab with google or your website opens another tab with google, your website doesn't have access to google website source code/context and you can't affect on google website, because there are completely isolated from each other.
Seems your actions for cleaning results and embedding your iframe in google page you made in your browser console. That changes affect only locally for your browser and doesn't affect for any other users that open google website.
Possible solutions:
Actually, you can embed some code to other pages, but you need to use:
Browser extensions (too complicated, because user need to install your extension for browser)
XSS/other vulnerables (that's almost impossible for google search website)
Embedding google to your page:
You can't embed iframe from google because of x-frame-options header in http response for google.com. There is no good workaround, sorry.
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Conflict with double google analytics

I have a website that only has a full window iframe to a page that already has google analytics, but not on my account(the page isn't mine either). I would like to track my website with Google Analytics and if I put the script in the head site it will say "Tracking not installed". IS there any way to make the browser ignore the google analytics from the iframe?
If the iframed GA account isn't yours then there is nothing you can do about it. However you can still implement your own analytics by simply doing what you were doing before and putting your own GA code on your pages. You will see that tracking not installed message because it normally takes at least 24 hours for the code to register. In the meantime if there is nothing else wrong with the implementation, you can check in your Real-time reports to see if your own simultaneous visits are recorded. If they are then you are good to go and just need to wait 24 hours for data to show up in your standard reports.
You cannot change the content of the iframe, it would violate the same origin policy. Are you sure you should be using an iframe at all? Either way you can easily add Google Analytics to your own site and track whatever you need with your own Google Analytics ID.
If your analytics code is in the iframe, Google will report that tracking isn't installed as they're checking the parent page, not the iframe. Tracking will still work, though. You should see stats come through normally.

Google Ads not showing when my site is inside an iFrame

I'm building a web application (a web site) which has a feature where you can embed it inside your own web site (using an iframe).
So, my app has Google Ads, and sometimes when the it is inside another site as embed (inside an iFrame) it doesn't show Ads, I mean, ads are being rendered, but sometimes that html from google is blank.
I'm concern about the Policy of GoogleAds and to not use iFrames to show ads, but I'm not using iframes to show them, my app is just inside another site as a feature.
My question is: can this be done?, or by that policy I won't be able to show ads on my embed feature?
EDIT 1
This is the content which Google is rendering (inside another iframe of another iframe):
<html>
<head>
</head>
<body style="background-color:transparent" marginwidth="0" marginheight="0">
</body>
</html>
and also, I getting an error on the console:
Blocked a frame with origin "http://googleads.g.doubleclick.net" from
accessing a frame with origin "http://example.com". Protocols,
domains, and ports must match.
where "example.com" is some site that is using my feature
EDIT 2
So, I step at the Network tab of the console, and watch what was calling. Does a GET
http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-XXXX.... With 200 OK always, but sometimes it returns just the blank HTML (posted above) and sometimes the actual html with an AD.
One more thing I didn't tell, I'm using the Asynch new Beta method, not the Synch, so I'm thinking of try the Synch and see what happens.
You might try loading the page outside an IFRAME and run network capture on the traffic to/from Google. Explore the response headers - they might be using X-Frame-Options to prevent illicit click activity on ads. There's likely very little you can do about it aside from doing a server-side request and embedding the response HTML yourself. This will dramatically slow down your page loads and might violate your ad agreement.
EDIT:
After reading your follow-up testing, it sounds more like your site just doesn't meet the criteria of enough ad campaigns to serve ads with every request. I'd look at Google's FAQs or marketing information to find out how often ads are served or why you might not be getting ads on every request. Remember, the ads are for the benefit of the advertiser and they have good tools to make sure their ads are specifically targeted to the right audience to maximize their return. Your site just might not meet enough criteria to get many ads.
EDIT 2: A quick Google search turned up this FAQ for why Ads might not be showing. They seem geared to why ads don't show at all, not intermittent appearance.

Categories