I understand that cross-site scripting (XSS) is not good and is not supported in most browsers. However, I am building a page to be used only by about 3 or 4 people within my company. On this page I have a frame from another domain and I need the parent page to be able to access the values within that frame.

So my question is, is there a way (changing settings, etc), in either Firefox or IE7, to allow this to happen? Preferably (though not necessarily) any setting change would be for my domain explicitly.

I've found some help online that says that in FF you can add capability.policy to allow this. I haven't had any luck though, perhaps that isn't supported in FF3.

A: 

A couple of ideas off the top of my head:

  • In IE you can change the settings for the security zone that your site is in. I suggest you add the domains to "Trusted sites" and then make sure that "Access data sources across domains" is enabled for the Trusted Sites zone. You can find more info here.

  • If you have a domain-name which you have control over, maybe you can set up sub-domains which point to the sites in the different frames? Thereby fooling the web browser that they are part of the same site?

  • If you like coding you can create a custom app which uses the IE-browser control and implements its own IInternetSecurityManager (http://msdn.microsoft.com/en-us/library/ms537130(VS.85).aspx) which allows cross-domain script access.

Yrlec
I've tried setting up the trusted site and access data across domains. That was my first idea too, but alas for some reason that doesn't work. It really seems like there should just be a switch like that though. I could try the subdomain trick. It's a bit of a bitch, but if it works....
There's also the security-option "Navigate windows and frames across different domains". Make sure that is enabled as well.
Yrlec
A: 

Have you checked out the Cross-domain Request (XDR)?
link to MSDN

Also check this other info on XDR

Stefan
I did come across that during my journey, would this work for grabbing elements from an iframe? I haven't really looked into it, though I'll start now.
Looking into that, it does seem like it could work. Since I have control over both domains, I'll try setting this up.
I haven't used that myself, but I know others at my workplace that have successfully done it. Good luck! ;)
Stefan
Well, this does allow me to load a URL from another domain; unfortunately it doesn't work for grabbing values from an iframe though. It's used for Ajax.
A: 

Another option is to set up a proxy page so that the pages appear to originate in the same domain. Proxy pages can be terribly vulnerable to XSS, depending on implementation. Even though you state that that's not a concern here, it's important to consider.

outis
Do you know where I can get more information about how to do this?
Not off hand. I've never needed a reference for the technique. You could see what Google has to say: http://www.google.com/search?q=AJAX+PHP+proxy
outis
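
A proxy page that fetches whatever URL it is handed serves that content under your own origin, so any script in it runs with your pages' privileges. As an added example (not part of the thread; the `?url=` parameter, the function names and the host names are assumptions), this is a target check such a proxy could apply before fetching, shown beside a substring check that a lookalike host passes:

```javascript
// Added example: the host below is a constructed placeholder, not from the thread.
const ALLOWED_UPSTREAMS = new Set(["reports.partner.example"]);

function deny(reason) { return { ok: false, reason }; }

// Weak form, for contrast: a substring match on the raw string also matches
// lookalike hosts and userinfo tricks.
function naiveTargetCheck(rawTarget) {
  return String(rawTarget).includes("reports.partner.example");
}

// Decide whether the proxy may fetch `rawTarget` (value of a hypothetical
// ?url= parameter). Returns { ok: true, url } or { ok: false, reason }.
function resolveProxyTarget(rawTarget, allowed = ALLOWED_UPSTREAMS) {
  if (typeof rawTarget !== "string" || rawTarget.length === 0) {
    return deny("missing target");
  }
  let url;
  try {
    url = new URL(rawTarget); // absolute URLs only; relative input throws
  } catch (e) {
    return deny("not an absolute URL");
  }
  // data:, javascript:, file: and similar never reach the fetch step.
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return deny("scheme not allowed");
  }
  // user:pass@host makes a URL read like a different host than it targets.
  if (url.username || url.password) return deny("credentials in URL");
  // Compare the parsed, lower-cased hostname, never the raw string.
  if (!allowed.has(url.hostname)) return deny("host not on allowlist");
  // An explicit non-default port could reach another service on the same host.
  if (url.port !== "") return deny("non-default port");
  url.hash = ""; // fragments are never sent upstream
  return { ok: true, url: url.href };
}
```

The allowlist limits which content is served under your origin; it does not make that content safe, so the upstream itself still has to be trusted.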