I'm loading an external page into an IFRAME, which contains an advertisment that I don't want to let load.
Is there a way I can set a URL/domain blacklist for any content inside an IFRAME?
+1
A:
No, if you could alter an external page then it could lead to XSS attacks. You'll have to rely on things like AdBlock Plus, etc.
geowa4
2009-02-03 16:28:54
+4
A:
I'm assuming you're developing on the server side, some kind of Web app.
What I'd reach for in this situation is something like Perl::HTTP::Proxy.
Instead of pointing your IFRAME directly at the external site, point it to a "proxy" process (page, servlet, PHP script, doesn't matter) on your own site. This code fetches the content of the URL given to it, and filters out the offending ad code before serving the modified response.
I can't comment on the legality or ethics of doing this; depending on the situation, someone might not be happy that you're serving their content but not showing the ads they're getting money for.
Morendil
2009-02-03 16:36:11
Great idea! Thanks so much.
Jenko
2009-02-03 17:21:34
A:
No. But there is one way you can interfere with an iframe's scripts externally:
<iframe security="restricted">
This is an IE6+-only extension, see http://msdn.microsoft.com/en-us/library/ms534622(VS.85).aspx.
This mechanism is poorly-designed and pretty much a dead loss for any kind of actual security, but if the ad in the child page relies on JavaScript to write its iframe (many ad networks do this), then you might be able to break it like this. Of course you would also be breaking any other scripts on the page, and you may well still get a bunch of non-script-based ads.
Not really satisfactory.
bobince
2009-02-03 16:44:53
A:
Proxy the request internally and manipulate the raw HTML before returning it?
annakata
2009-02-03 16:47:35