I have an HTML page (say welcome.html) which contains an iframe to a page I have no control over (say app.html). The user performs some actions using the app within the iframe and clicks submit. Once they do this, they are taken to a new page (say thanks.jsp), which loads within the iframe. Is there a way in which I can force thanks.jsp to load in the full frame and not the iframe once submit is clicked? Remember, I have no control over the logic behind that Submit button or app.html. I do however have control over welcome.html and thanks.jsp. If possible, I would like to stick with HTML and/or JavaScript. Thank you in advance.
You probably want to use a framebuster, with a base target in case it fails.
First:
If thanks.jsp is requested via a post request - redirect so it you present the page as the response to a get request.
Then:
Include framebuster JavaScript:
<script type="text/javascript">
if (self != top) { top.location.replace(location); }
</script>
Finally:
In case the user doesn't have JavaScript enabled, make sure they don't stay in the frame any longer then they have to:
<base target="_top">
On thanks.jsp you can put in the following JS:
// Parent window not the same as this one
if (self !=top)
{
top.location.href = self.location.href;
}
This will work provided that you have thanks.jsp on the same server as the original page containing the frame, due to the same origin policy.
The above code checks the url of the page you're on, then the one of the page it's executing on (thanks.jsp) - if they don't match you're sent to the thanks.jsp url. This method works fine when thanks.jsp is a static page, but won't carry postdata etc across with it.
Related
I have the following situation: A static web page, say whatever.html, which contains one iframe, both on the same website. The iframe contains a dynamic page (CGI/Perl), say cgi.pl?param=a; based on user action the content of the iframe will be replace by new pages (same CGI script with different parameters), say cgi.pl?param=b.
If the user opens only the iframe page I am able to redirect to the original parent page (the static HTML page):
if(self==top)
top.location.href = "http://www..../whatever.html";
This works, but I would like that the iframe contained in that page is set to the dynamic page which reestablishes the parent. In my solution the iframe will contain only the default dynamic page (cgi.pl?param=a), but it should show cgi.pl?param=b in the iframe.
I hope I explained clearly.
Thanks for your help!
pi
The answer is straightforward. Use the script above to call the container web page with a parameter (e.g. test.html?abcd) and then use a script calling
window.location.search.substring(1)
to send the parameter to the iframe src.
http://sequoiapacificmortgage.com/loan-application/
I have embedded the clients' loan application form (on another website) into an iFrame so the user stays on the site. The loan application (upon submit) redirects to the client's Home Page, but unfortunately, it stays within the frame rather than going to the main Home Page window. I had inquired here about how to remedy this, and was told that the Target attribute target="_top" would do the trick.
The loan application processor people have no way to add the Target attribute to the redirect URL, and they have suggested the following:
"The thank you page after the application and before the redirect URL has a unique URL.
Is it possible to code your iframe to recognize this URL and redirect the full site to your home page rather than depending on the vLender redirect within the iframe?
I am including the unique thank you page URL from Lori's website below, the ref_ID attribute is the unique application ID number assigned to my test application (the application ID's are generated using the first 3 letters of the applicant's first name [LYN for Lynsee] and the first 3 letters of the applicant's last name [TES for Testing] followed by the numeric sequence) but you should be able to remove that and have your custom site's code recognize the .php url which would trigger a redirect within your site's code that would take place before our system enacts its redirect to the home page within the iframe.
(https://www.vlender.com/apps/templates/new_thank_you.php?ref_id=LYNTES998262971)"
Is it even possible to do this? Thanks for your advice!
regards, Ned
EDIT:
You could handle the navigation of the iframe, and see what url it goes to.
use onload to see when the iframe navigated to a new page, and contentWindow.location.href to get the url from the iframe.
something like:
function checkURL() {
if(document.getElementById('iframeID').contentWindow.location.href == "UNIQUE_URL") // if the location of the iframe is the unique url
window.location = "redirect.html"; //redirect this page somewhere else.
});
<iframe id="iframeID" onload="checkURL();" ... //onload fires when a page loads in the iframe
on load: http://w3schools.com/jsref/event_frame_onload.asp
get iframe URL:
Get current URL from IFRAME
Is it possible to change page content if element exist on page ?
if (window.frames[0].document.getElementById('xl')) { //load content of page acta.html}
Only if the content loaded in the frames is in the same domain of the page where the script is executed. See the Same-Origin Policy – SOP.
Otherwise you can't access to the frame's DOM.
If the page are in the same domain, then your code is perfectly valid – assume the page in the frames is loaded.
Update:
To change the content, then you can simple change location object of the frame:
if (window.frames[0].document.getElementById('xl')) {
window.frames[0].location.href = "acta.html";
}
If you have a reference to the frame / iframe element instead of the window's (frame[0]), you can also use the src attribute.
You can also change the top window's location just doing:
window.location.href = "acta.html";
However that will change, of course, the URL of the page too. If you want to keep the URL as before, you should use another iframe that basically wraps your current main window and the hidden frame. So the URL displayed in the address bar will not change even if you change the content of the first frames to "acta.html".
Another approach could be use the XMLHttpRequest object to makes a http call and load your page's source, then replace the body of the current page with the one's retrieved by the XHR. However, that's ugly. This kind of redirection, keeping the same URL, should be done on server side, not on client side.
I am building an application where I want to load a page from another server into my page. The particular page that I'm pulling data from depends on a query that is being run (with OAuth access) on that foreign server. Once I get the URL for that page, I am loading it in an iFrame and displaying it on my page.
The problem is, the URL that the query gives me is actually to a page that forwards three times before getting to where I actually want to go. To make things more complicated, it also has frame-buster code on the initial page. I set my page to redirect to a page that returns a 204 status on page unload so as to beat the frame-buster, but now it's just stuck displaying the initial blank page instead of the content I want, which is at the end of three redirects.
My initial idea was to try to capture the code for the outgoing location request on page unload. I had hoped to be able to see where the user is being redirected to and load that request inside the iFrame instead. Repeat three times to get the correct page in the iFrame. Intuitively, however, this felt like it shouldn't be able to work, and of course it does not because letting pages see where their users are going to upon leaving a site would be a major privacy issue.
Next, I was thinking that maybe I could just parse each new page in turn as it was loaded into the iFrame to find the script for the redirect. I'm pretty sure it's done on the server side, however, since looking at the code I was getting didn't turn anything up.
I started looking for ways to maintain that redirection inside the iFrame. That is, allow the redirect to occur, but force it to stay inside the iFrame while also preventing the frame-buster code from doing anything. This would be the easiest solution, but I can't find a good way to do it. Right now, I just have a blank page loading inside an iFrame, and I think there's something on the server side that performs the redirect that isn't running in the iFrame. The frame buster code only prevents the entire document from changing, not the iFrame. Is there a good way to do this or am I going about things the wrong way?
To prevent the frame buster, from here:
<script type="text/javascript">
var prevent_bust = 0
window.onbeforeunload = function() { prevent_bust++ }
setInterval(function() {
if (prevent_bust > 0) {
prevent_bust -= 2
window.top.location = 'http://server-which-responds-with-204.com'
}
}, 1)
</script>
load the first page via curl locally, strip the busting code, make all links absolute and display that in the iframe.
it should redirect as espected and do your merry thing.
Good luck making all the urls in the document absolute. Dont forget javascript urls and functions you might need to override by pasting in your owncode after the script tags.
Let's say we have a web-page at a given location (like www.foo.com/page1.html) and that page contains this (global) code:
if (self != top) {
top.location.replace(location.href);
}
So, if we try to load that page into an IFRAME, the page will "jump" out of the iframe into the browser window, which will (as a consequence) destroy the page that contained the iframe.
This is OK, but I would like to implement an exception to that rule. Specifically, there is this other page on a different domain (like www.bar.com/page2.html), and I would like that this other page is able to embed the first page via an IFRAME.
How would I have to modify the code of the first page, so that it allows to be embedded into the other page?
Is this OK?
if (self != top && top.location.href !== "http://www.bar.com/page2.html") {
top.location.replace(location.href);
}
I doubt you'll be able to check the external parent page's URL because the Same Origin Policy should prevent access to any of its properties.
Maybe there is some trickery that I'm aware of that allows it anyway. Barring that, the best idea that comes to my mind is checking document.referrer. As far as I know, a document requested in an iframe will always have the embedding page's URL in the referrer across browsers.
If the referrer is http://www.bar.com/page2.html, the page is either in an iframe on that page, or it was linked to from there (which is the only really big shortcoming of this method: You can't tell for 100% sure whether it's an incoming link, or an iframe embed).
Obviously, the document's referrer is spoofable by the client but I don't think that's an issue here.
If you pass X-FRAME-OPTIONS http header with the value of SAMEORIGIN, most modern browsers (including IE8) will not let the content be iframed from an alien domain.
I thought it may help.