I have searched some things about click on coordinates with javascript and
i have found that this line of code helps you click on x,y coordinates
document.elementFromPoint(x, y).click();
So when i put the width and height of an html element or a button it clicks it good and it redirects me to the page that i want.
But when i have an iframe html object (like a google ad) it doesnt work.
I cant understand why though because i think "click()" is like simulating a normal mouse click... or am I wrong with this?
I have read that iframe has a protection that you cant go inside the html elements but all i'm trying to figure out is how to simulate a normal click on the iframe.
Thanks a lot for your time.
This is obviously prohibited due to security issues.
If it was possible to programmatically trigger a click event within an iframe, you could trigger certain actions on behalf of the user visiting your page. You could for example open your own twitter account in an iframe -- the visitor of your page logged in -- and let the user follow you with a click on the follow button. You can certainly think of more critical examples...
Basically, you could take over all accounts the user is logged in with a cookie. You can open any web page in an iframe and act on behalf of the logged in user by simulating click or keyboard events.
Related
I am trying to build a code that does a request when a cross-origin iframe is clicked and it directs the main window to a new page.
Since it's impossible to directly tap into Iframe click events, I thought of the following conditions as necessary:
page unload event occurs
the window is out of focus
Page unload (As far as I know) happens only when the current url is directed to some other url.
Now, this unload could happen by clicking any link. To restrict it to Iframes, I added the condition of window being out of focus.
addEventListener('beforeunload',(event) =>{
if(!(document.hasFocus())){
// Do Something
}
});
My question is, are their any limitations to this approach? If yes, then please suggest some more conditions to make it as close to reality.
For those of you, who are curious: I want to track clicks on Google AdSense Iframes on my website.
Details :-
In Our Project, we need to implement a functionality where we need to logout the user if he/she is inactive for 5 minutes. We need to consider user as inactive if he/she has not moved mouse for 5 mins.
We are able to achieve this in all normal pages but facing difficulties to implement in one page where we have an iframe in a page and that iframe plays videos and other swf, mp4 files. Also inside an iframe, there is another frame which acts as a wrapper for the content.
In above page, we are not able to track mouse movement and hence not able to detect whether user is active or not.
After lots of research, we have implemented code which works fine if we run through browser console but doesn't work when I keep this on page.
Has someone worked on similar functionality or know anything related to this? It would be great if someone can help me for this functionality.
Note :- Also there are click in Iframes
The iframe's source is technically speaking its own document (documentception?). The trick is to listen to the mouse events inside this document. Though I don't if this is allowed by the same origin policy, you could always give it a try.
Using plain JS:
var iframeDocument = document.querySelector('iframe').contentDocument;
iframeDocument.addEventListener('mousemove', function (event) {
console.log(event.pageX, event.pageY);
});
Using jQuery:
$('iframe').contents().mousemove(function(e) {
console.log(e.pageX, e.pageY);
});
You could go even further by dispatching all events made inside the iframe's document to the parent document. This gives you the advantage to use just one listener for all events, whether they come from inside the <iframe> or not.
I have an application where I use an iframe for a facebook likebox.
I want to subscribe, in the main page, to the event when the user clicks on the like button in the iframe.
Basically as soon as the user likes the page I want him to be redirected to a page I'll specify.
What javascript command can I use?
Thanks
Unless your parent document is on the same domain as the Facebook Like frame, you can't script into it at all, for security reasons. This is the Same Origin Policy. It prevents you not only from detecting the click but also from impersonating the user, forcing them to perform actions (such as Liking you) without their consent.
You can try to place an element on top of the frame to detect clicks, but by intercepting the click you also stop it going through to the frame. About the best you can do is detect a hover over the area of the Like button and remove the covering element, allowing the user to click. This isn't reliable though since it'll catch all mouseovers.
You can hook this up to the button
onclick = "window.location('www.google.com')"
obviously replacing the URL with yours. But you might want to check if that's legal.
Facebook Connect has a recent bug that is causing the permissions pop-up window to not close and refresh the parent window as it is designed to do. Instead, after approval by the user it attempts to load the page directly in the pop-up window which is an awful user experience and really hurting our registrations. You can see the bug by registering for our site using Facebook Connect: http://alltrails.com
The URL of the page after the user connects that Facebook Connect is incorrectly loading in the permissions pop-up window is of the form:
http://alltrails.com/?installed=1&session={"session_key":"2.Gu0duOqdElNjXRac5wnetw__.3600.1283799600-1486832834","uid":1486832834,"expires":1283799600,"secret":"tKFaEgBTF9RJeuQZfYUSCw__","base_domain":"alltrails.com","sig":"a8dd9f75418b530ae6c3d935e14274c4"}
I'm hoping that someone much better at JavaScript than myself could suggest a simple code snippet that we could add to our homepage that would only be invoked if the page URL includes '?installed=1' and would do the following to allow the same user experience as Facebook Connect was intended to provide:
Close the permissions pop-up window
Load the appropriate page http://alltrails.com/register/facebook in the original parent window
I've tried to do this a bunch of different ways but haven't had any luck with getting it to work correctly. Thanks in advance for your help!
It's a (unconfirmed) bug.
http://bugs.developers.facebook.net/show_bug.cgi?id=12260
Hopefully it gets more votes so it gets fixed - vote people!
In the meantime, i am (attempting) to employ the following 'creative workaround':
Add logic to my Default.aspx page to detect that URL they are redirecting to in the popup.
Redirect to my page, FacebookInboundAuthorization.aspx, preserving querystring.
On load of that page, register some JavaScript to close the popup and manually fire the "onlogin" event handler for my button.
EDIT - Another possible solution
So i do something like this for the "Disconnect from Facebook" button, which has a similar bug which has been in FBC from day 1. If the user is already logged in, and you click the "Disconnect from Facebook" button, the "onlogin" handler is not fired.
So what i ended up doing is replacing the Facebook Disconnect button with my own regular anchor tag, mimicing the Facebook CSS. This way i can have full control over the click event (fire the function i want).
So, this principle could (theoretically) be applied to this current bug.
That is, after you do FB.Init on client-side:
Check FB auth status using FB.Connect.ifUserConnected
If user is connected, hide the regular FB:Login button, and show your "fake" FB Login button. Copy across the "onlogin" function from your regular FB:Login button to your fake button as the onclick event.
Your Fake FB Login button would be a regular anchor tag, with the same CSS applied to the regular FB Login buton.
So essentially, if the user is already connected, we don't really need FB's intervention for authentication, we can just do whatever we want (request perms, redirect, etc).
That should work.
Unfortunately i have higher priority things i need to work on, but it sounds like this is top priority for you.
So give that a go, hope it helps.
I have an iframe that references an external URL that serves up pages that contain Flash adverts.
I need to track how often a customer clicks on one of those adverts.
The approach I am taking is to render a div element over the iframe. This allows me to intercept the click event, however I need to pass that click down to the iframe. Is this possible using JavaScript?
No, it's not possible. You can't simulate a real click in javascript, you can only fire click events.
I do not think that it is possible as well
But, assuming that the clicks redirect the user to the site of the advert, you could intercept the user click using redirections. Change the link to some script on your own server with some unique advert id. Register the click and redirect the user to the advertisement page.
Another possibility is to use this technique to load the contents of the iframe, so you known the amount of customers viewed the advertisement. But this of course might be an advertisement scheme your advertisement customer does not like/want.
You can't pass the click through by any legitimate means, and you'll run up against cross-domain problems if you tried to fake it in anyway. And I would definitely stay away from anything that looks like a clickjacking solution - it's bound to stop working (and feels evil too).
You may be able to hack something, depending on how accurate it has to be. This would involve tracking the sequence of events happening when user has put their mouse into the banner area and then left the page (inferring that they clicked on the ad). You'll miss some, and you may catch some false positives too.
It would work something like:
Leave the covering div in place
onMouseOver, hide the div and set an
onbeforeunload event handler that
registers a "click" through an AJAX post (or similar)
when the mouse moves out of the banner area it means they didn't click the ad, so show the div again and remove the event handler
I'd guesstimate you'd get about 80-90% accuracy, but you're going to have to test on a lot of browsers. It's also assuming the ad loads into the same window and not a new one. If it loads into a new one then I think it's going to be even harder.