I have a page thusly:
<html>
    <head></head>
    <body>
        <iframe src="local.html"></iframe>
        <iframe src="http://www.google.com"></iframe>
    </body>
</html>
I've used the DOM to access the first iframe as a test (node.documentWindow) but when I try similar on the external iframe Firebug reports that access is denied.
I suspect this is for XSS protection, but is there a "safe" way to import the node so I can grab an element from that external page? Is there a way to explore the "document as rendered" or something?
Thanks!
Nope. Cross domain security prevents this. The only way around is if the surrounding page, and the iframe, are on different subdomains on the same domain. In that case, you can use document.domain.
This is pretty much a given. Imagine the security implications if this were not the case. You could build an iframe containing a user's home banking page, and grab their password using keydown, for example. There's tons of possibilities of misuse.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With