I'm new here and like to know how to refresh 2 different iframes on one page.
I found something on google using getElemenById. But it has to work in firefox and firefox has some problems with Id's.
thanks in advance.
<form action="managecartform.html" onclick="deleteAllCookies();"><button type="submit" >Empty cart</button></form>
What does your form have to do with iframes?
Do you mean this? Load the managecartform into one frame and reload the other?
<form action="managecartform.html" target="iframe1"
onsubmit="deleteAllCookies(); window.frames[0].location.reload(1);">
<input type="submit" value="Empty cart"/>
</form>
<iframe name="iframe0"></iframe>
<iframe name="iframe1"></iframe>
firefox doesn't have problems with ids -- 99% of the time it's because you've either got a missing id or you've duplicated an id.
ids must be unique throughout the entire document.
to answer your question though:
<iframe id="frame1"></iframe>
<iframe id="frame2"></iframe>
<input type="button" onclick="refreshFrames()" value="refresh frames" />
<script type="text/javascript">
function refreshFrames(){
frame1 = document.getElementById('frame1');
frame2 = document.getElementById('frame2');
if(frame1.contentDocument){
frame1.contentDocument.location.reload(true);
frame2.contentDocument.location.reload(true);
} else {
frame1.contentWindow.location.reload(true);
frame2.contentWindow.location.reload(true);
}
}
</script>
(For IE, you might have to use contentWindow instead of contentDocument depending on the version of IE you're trying to support)
Related
I am a cybersecurity student trying to understand some basic HTML injections. I have been working on this code for a few days and can't understand what I am doing wrong. The code that I have currently does allow for injection, for example if I put <h1>test</h1> into the textbox, it will display test as a header. But if I try <script>alert(1)</script> it won't actually run the script. I have tried setting the value of the text box to "" or with the thought that I could close out that line by inputting the following into the textbox: "><script>alert(1)</script>
I've also tried to cancel out the remainder of the code by adding a comment to the end like this: <script>alert(1)</script><!--
I've tried a number of combinations of each with no luck. Now I actually need to be able to inject a script since I'm playing around with CSP and how that affects injection of scripts into the webpage. I currently DO NOT have a csp specified that would restrict the JavaScript from running. Some other things I've tried include using different browsers, changing browser security, and ensuring that JavaScript is enabled in the browser. Any help would be greatly appreciated!!
<html>
<script language='JavaScript'>
function getwords(){
textbox = document.getElementById('words');
label = document.getElementById('label');
label.innerHTML = textbox.value;
}
</script>
<body>
<input type="text" id="words">
<input type="button" onclick="getwords()" id="Button" value="Enter" />
<label id="label">
</label>
</body>
</html>
That's because <script>s run at page load, and, when the label's content change, the scripts have ran already.
However, if you inject <script> tags to a different page (through the backend (XSS means Cross-Site Scripting)), it does work.
Alternatively, to make it work in a scenario, where the content injected after page load (like your case), you can use JS events (like onclick) to run your code:
<div onclick="alert(1)">Click me!</div>
Or, to execute it without user interaction, you could use an <iframe>'s onload event:
<iframe onload="alert(1)" style="display:none"></iframe>
to execute javascript from your form, you can try:
<iframe src=javascript:alert(1)>
or
<img src=x onerror=alert(1)>
Also worth noting:
script elements inserted using innerHTML do not execute when they
are inserted.
To manually execute JavaScript, you may do the following
without editing your HTML file, add this to the Input field on your Browser.
<iframe onload="alert(1)" style="display:none"></iframe>
More information on why this works here
More on how you can perform actions like this here: developer.mozilla.org
<html>
<script language='JavaScript'>
function getwords(){
textbox = document.getElementById('words');
label = document.getElementById('label');
label.innerHTML = textbox.value;
}
</script>
<body>
<input type="text" id="words">
<input type="button" onclick="getwords()" id="Button" value="Enter" />
<label id="label">
</label>
</body>
</html>
I have right-click disabled in the header of a website using
<body oncontextmenu="return false">
Which gives the functionality that I have been asked for.
But I have a requirement to then re-enable right click on an iframe within this site and I'm not sure this is possible.
Without going into the "Why?", "Don't bother", etc... comments, I was wondering if someone could kindly answer if (or not) this will be possible, and how?
On the iframe I have tried to give it it's own <body> tag, but the main parents <body oncontextmenu="return false"> tag seems to be overriding it.
Edit :
This line is in the parent page <body oncontextmenu="return false">
The iframe is on a different domain to the parent page.
Below SO answer should work, including an alternative to disabling it in the html and flexibility for different browsers.
https://stackoverflow.com/a/2405835/5741308
If you are in the same domain, you can use jquery like this:
HTML
<iframe id="iframeID" src="/your_page.html"></iframe>
JAVASCRIPT
$(document).ready(function () {
$('#iframeID').load(activeContextMenu);
});
function activeContextMenu() {
$('#iframeID').contents().find('body').attr('oncontextmenu', '');
}
I'm using Javascript to open a page in a different frame using onclick. I had this working when last tested, but was made aware yesterday that it no longer works in Chrome. I retested the other browsers and its still working as expected. I know Chrome can be a little finicky when it comes to Javascript, I'm just not sure how to resolved.
<asp:HyperLink ID="downloadReport" runat="server">
<img src="images/save.jpg" onclick="javascript:top.frames['main'].location = 'DownloadReport.aspx?<%= url %>';return true;" />
</asp:HyperLink>
What do I need to do to resolve the issue in Chrome? And please refrain from a discussion on why frames are or aren't a good idea. While in most cases things can be accomplished in different ways, there are some specific uses for them still.
Problem solved. I was thinking that Chrome needed to access frames by id where as others could use name or id, that was apparently incorrect. Chrome required the frame name. So on my frameset page I added a name attribute in addition to the id one and everything is working again as needed.
<frameset rows="100,*" border="0">
<frame name="top" id="top" runat="server" />
<frame name="main" id="main" runat="server" />
</frameset>
If you really need to use hyperlink in this scenario, prevent its default behavior by doing return false; instead of return true;
But if you don't need it - just use the image without hyperlink (adding styling for cursor if needed):
<img src="images/save.jpg" onclick="top.frames['main'].location = 'DownloadReport.aspx?<%= url %>'" style="cursor:pointer" />
I have two applications one is already built and the other one is my own I can't do any modification in the first one and it uses iframes and in that frame I can put my application but I will need the name of the connected users which the only option is to get it from the source code using javascript the problem is that user name inside a css class not id
if you have any ideas how can I get it please help thanks to you all
<div class="Entete_User">
<div class="Entete_UserName">USER NAME <br> USER CITY</div>
</div>
<div class="body">
<iframe id="myiframe" frameborder="0" allowTransparency="allowTransparency" src="MYPAGE.aspx"></iframe>
</div>
</form>
To get the content of the element in the parent window from inside the iFrame :
window.parent.document.getElementsByClassName('Entete_UserName')[0].innerHTML;
Try this but make sure Iframe and your origin page in same domain as iframe does not support cross domain
JavaScript
window.parent.document.getElementById('parentElement')[0].innerHTML;;
Jquery
$('#parentElement', window.parent.document);
this is for outside the iframe trying to see whats inside..
document.getElementById("myiframe").contentWindow.document.getElementById()
but you have to be on the same domain
document.getElementById("ctrl").disabled = true;
this works in IE but does not works in mozila. What shoul I do?
Did you try:
document.getElementById("ctrl").setAttribute('disabled', true);
<body>
<input id="btnSubmit" type="button" value="submit" onclick="disabled(this);"/>
<script>
function disabled(ctrl) {
ctrl.disabled = true;
}
</script>
</body>
It is hard to tell what the issue is that you are having. Does mozilla do anything when the code is executed? does it display an error? What version of ie did you test it with? And can you also provide the html for the ctrl element?
One of the issue with IE and the getElementById method is that in some versions of the browser it will match on the id attribute of a tag as well as the name attribute (which does not follow the JavaScript spec). In Mozilla it is only matching using the id attribute.
http://msdn.microsoft.com/en-us/library/ms536437(VS.85).aspx