html - How can you access an external iframe's contents via the DOM/Javascript?

Question

Welcome To Ask or Share your Answers For Others

html - How can you access an external iframe's contents via the DOM/Javascript?

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

html - How can you access an external iframe's contents via the DOM/Javascript?

I have a page thusly:

<html>
    <head></head>
    <body>
        <iframe src="local.html"></iframe>
        <iframe src="http://www.google.com"></iframe>
    </body>
</html>

I've used the DOM to access the first iframe as a test (node.documentWindow) but when I try similar on the external iframe Firebug reports that access is denied.

I suspect this is for XSS protection, but is there a "safe" way to import the node so I can grab an element from that external page? Is there a way to explore the "document as rendered" or something?

Thanks!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T21:35:22+0000

Nope. Cross domain security prevents this. The only way around is if the surrounding page, and the iframe, are on different subdomains on the same domain. In that case, you can use document.domain.

This is pretty much a given. Imagine the security implications if this were not the case. You could build an iframe containing a user's home banking page, and grab their password using keydown, for example. There's tons of possibilities of misuse.

Categories

html - How can you access an external iframe's contents via the DOM/Javascript?

html - How can you access an external iframe's contents via the DOM/Javascript?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags