I am looking for the way to call the javascript method inside with a different domain iframe.
For example, app.facebook.com contains iframe yyy.com inside.
I would like to call the yyyMethod() inside iframe yyy.com.
app.facebook.com
|__iframe src="yyy.com" name="yyy"
|__yyyMethod();
I tried window.frames["yyy"].contentWindow.yyyMethod(), but it return exception saying that we could not call method across domain.
Restrictions are
1) Adding/Modifying content in both app.facebook.com and yyy.com are prohibited, since I am not the site owner.
2) Execute from browser javascript console is one way to do, but I want to write plug the yyyMethod() caller with some javascipt code. Therefore, execute from browser javascript console may not be a good idea.
Any idea how to do this ? Not sure whether we can call from the chrome extension, bookmarklet, or something else ??
Related
I am trying to access the DOM of an iframe that loads an external URL. Of course that I get a "Permission denied for" error due to cross domain security. How can I make this work? I saw something done with json (but I can not get a json string from my external source) and something done with HTML5 postmessage.
you can see it live at :
http://jsfiddle.net/QPBvJ/
The code is:
$(document).ready(function(){
$('#get').live('click', function() {
var currentIFrame = $('#frameDemo');
currentIFrame.contents().find("a").css("background-color","#BADA55");
alert ("done")
});
});
<iframe src="http://api.jquery.com/" width="80%" height="600" id='frameDemo'></iframe>
<button id="get">Get</button>
What would the the easiest way to make this work.
Thank you
There is no way to make this work. Unless, the foreign domain you try to access supports a procedure like C.O.R.S, JSONP or postMessage.
There are a few exceptions (like always):
If you're dealing with a WebApp for instance, you can tell your users that they have to grant access to cross-domain-calls.
In Gecko/Firefox for instance, you can call
netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead')
which enables the browser to access foreign domains via ajax/iframes. In this scenario, an user has to set
signed.applets.codebase_principal_support
to true under about:config to make this work.
In the Internet Explorers of this world, there is a setting called something like allow cross-domain access deeply hidden in the security tab, which must be set to enable.
Chrome allows cross-domain calls with a commandline argument:
chrome.exe --disable-web-security
I have successfully set up a WKWebView ScriptMessageHandler to receive messages from inside my webview. I'm then using evaluateJavaScript to send responses back into the webview. This works fine when everything is executed on the main frame of the view.
However, when I try to do this inside an iFrame I run into difficulties. I still receive the message in the message handler (complete with WKFrameInfo to tell me where it came from) but I can't find any way to run evalateJavaScript targeting that frame. I could use a window.frames hack in my evaluated JavaScript, but if the iFrame is of a different origin than the parent frame then I'm going to run into cross-domain errors.
Is there any way to identify a frame inside WKWebview, and evaluate JS on it?
Three years later: iOS 14 will support this.
https://developer.apple.com/documentation/webkit/wkwebview/3656442-evaluatejavascript
I'm making a Greasemonkey script which has to call some functions on a swf object. The script works fine in Chrome (with Tampermonkey), but in Firefox, using Greasemonkey, the function doesn't exist. When I try to log it, it shows up as undefined.
Is there some sort of extra security specifically in Firefox/Greasemonkey against calling functions on swfobjects? Any ways to get around it or disable it?
I wrote this code to grab the content of the page which I opened by javascript but my code doesn't work .
could you tell me whats wrong with my code and it would be better if you introduce me a better way to grab a page content, like what I'm trying to do.
var myWindow = window.open("http://www.w3schools.com/jsref/met_win_open.asp", "MsgWindow", "width=200, height=100");
x = myWindow.document.innerHTML;
alert(x);
There are at least two problems there:
You're trying to get the information before it's available (the window.open call returns immediately, before the page is actually loaded).
You can't access information from other origins because of the Same Origin Policy, unless the other site specifically allows you to.
That second issue pretty much makes what you're trying to do impossible to do purely client-side without help from the other site. Instead, you'd have to have a server that requests the information from the other site, and then sends it to your page. (It doesn't necessarily have to be your server; it's possible to use YQL as a cross-domain proxy and there are probably other similar services out there.)
I do a window.open(popupURL) to make a popup. The popup redirects to some other site which redirects back to my site. I use window.setInterval() to watch for when the popup gets back to my site. But I can't find a way to gracefully observe that condition. It makes sense to me, for instance, to evaluate the expression
popup.document.domain === window.document.domain
but it seems that I'm not allowed to read popup.document, as it gives me an error related to the fact that the opener is using HTTP while the popup is using HTTPS. I thought that maybe I could use popup.location somehow, so as to avoid asking for that sensitive foreign document, but trying to read anything out of popup.location produces a similar error. I'm not even allowed to read popup.location.protocol! Is the foreign site's choice of HTTP versus HTTPS really such a big secret?
Anyway I can get around these problems by swallowing those errors in an empty catch block. Then my domain check above seems to work. But is there a way that doesn't involve the ugly catch block?
How about adding two functions to the window A. A function that will be triggered onload, and that will call another function that will do whatever you want. Not sure how it's gonna work once the popup is redirected from B to A - that is if it will have access to window.opener though...
In pseudo code:
//This code will go in the window A, which is also loaded in a popup after a redirect.
window.onload = function(){
if( window.opener && !window.opener.closed ){//This is to make sure only the popup will call it.
doSomething();
}
}
function doSomething(){ //Do soemthing }