tags:

views:

282

answers:

1
+2  Q: 

How can you access an external iframe's contents via the DOM/Javascript?

I have a page thusly:

<html>
    <body>
        <iframe src="local.html"></iframe>
        <iframe src="http:www.google.com"></iframe>
    </body>
</html>

I've used the DOM to access the first iframe as a test (node.documentWindow) but when I try similar on the external iframe Firebug reports that access is denied.

I suspect this is for XSS protection, but is there a "safe" way to import the node so I can grab an element from that external page? Is there a way to explore the "document as rendered" or something?

Thanks!

+5  A: 

Nope. Cross domain security prevents this. The only way around is if the surrounding page, and the iframe, are on different subdomains on the same domain. In that case, you can use document.domain.

This is pretty much a given. Imagine the security implications if this were not the case. You could build an iframe containing a user's home banking page, and grab their password using keydown, for example. There's tons of possibilities of misuse.

Pekka  2010-03-03 20:32:19
Understood. That's kind of what I figured, thanks for the confirmation.
Alex Mcp  2010-03-03 20:35:11
No problem. I think the only thing you can do is have a simple local PHP proxy script fetch the resource using `file_get_contents()` and pass it through. You might get a working DOM but external references (CSS, images etc.) will be broken if they were relative to the page's location.
Pekka  2010-03-03 20:41:11

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?