tags:

views:

98

answers:

4
Q: 

iframe accessing parent DOM?

How is it possible for a script within an <iframe> to have any notion of the page containing it? Can a script in the frame access any context outside of it? What about cross-domain?

Up until now I believed an <iframe> is completely agnostic to the containing page, but I have seen an example which contradicts this belief.

What exactly can and can't be done from within an <iframe> with respect to the containing page?

+6  A: 

if the content of the iframe and its parent have the same domain, you can access the parent page from the iframe by using parent.document.getElement... - but you can't do this cross-domain.

oezi  2010-04-12 08:47:47
just for reference, `top` is the top document, `self` is the current document and `parent` is the document above the current one.
David Morrissey  2010-04-12 09:08:35
Learn something new every day :)
Olly Hodgson  2010-04-12 09:46:12
+2  A: 

Generally, you can't communicate between the two DOMs across domains. However, there is a way to pass messages between the two using the hash portion of the iframe's url. For iframes on the same domain, see oezi's answer.

This might be of some help, and there's plenty of other questions on the topic around here.

Olly Hodgson  2010-04-12 08:48:21
interesting article, strange that it dismisses html5's postmessage as having not enough support yet as safari, chrome, firefox, opera and even MSIE8 support it. with the jquery postmessage plugin (which uses some of the techniques used in the article you link) it becomes entirely cross-browser.
futtta  2010-04-12 09:27:32
I think that's understandable - it was written in March 2008 :) That jQuery plugin sounds very interesting though.
Olly Hodgson  2010-04-12 09:45:42
A: 

Check out this article, everthing you need to know about xss with iframes

http://softwareas.com/cross-domain-communication-with-iframes

Ivo  2010-04-12 09:04:47
A: 

If they aren't on the same domain, you can communicate some information through the url fragment/hash. Here is a good example of that process...

http://www.tagneto.org/blogcode/xframe/ui.html

John Himmelman  2010-04-16 16:06:16

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?