I need to get notified whenever a user clicks a link on a page in an iframe that is not from the same doamin. I'm aware of xss restrictions, however all i need to know is the current page being served in the Iframe. Is there a way to do this without violating xss rules?
A:
If not for cross-site scripting restrictions this should work. Unfortunately I don't know of a way to get the URL without violating these restrictions.
<html>
<head>
<script type="text/javascript">
function GetIFrameUrl()
{
alert('url = ' + document.frames['frame1'].location.href);
}
</script>
</head>
<body>
<a href="#" onclick="GetIFrameUrl();">Find the iFrame URL</a>
<iframe name="frame1" src="http://www.google.com" width="100%" height="400"></iframe>
</body>
</html>
Joshua Poehls
2009-04-14 18:20:39
Does this viloate xss rules?
Micah
2009-04-14 18:25:14
Yes, it does. I don't believe there is a way to do what you need without violating the rules.
Joshua Poehls
2009-04-15 05:40:49