I am integrating wikipedia articles dynamically via iframe to my web application. The ?printable=yes parameter hides the menu, example:
https://en.wikipedia.org/wiki/Albert_Einstein?printable=yes
Now my question is if Wikipedia supports further styling which can be linked? I know you can create a Wikipedia account and overwrite styles for that logged-in user, but how would I apply this custom style (via URL parameter for example) for other users. Is that possible?
If not, do you know of any trick to style a cross origin iframe? Or which Wiki API would query the full text and images via a JSON endpoint?
No, that's not possible to add a custom style for anonymous users, like what you can do for logged in by adding styles to a User:MyName/common.js page.
But you can specify a script using ?useskin= parameter, like https://en.wikipedia.org/wiki/Albert_Einstein?useskin=timeless.
Related
I am having some troubles with malicious ads that show interstitials with no close button.
Inspecting the code, I found that DFP uses <iframe> tags to load the ads, but as the content of those iframes are loaded using Javascript (using iframe's document.write(), without src attribute), they get full access to parent window through window.top and window.top.document, allowing advertisers to inject code, show malicious ads and even stole data such as user emails and passwords.
In order to prevent this, I'm looking for a way to block DFP ads to access the main window. Is it possible?
Consider using SafeFrames rather than Friendly Iframes you appear to be using. Quoting from DFP's help page on the subject:
We recommend using SafeFrames and creatives compatible with SafeFrame for expansion instead of friendly iframes. SafeFrame is supported in DFP and enabled by default when using GPT tags. It enables transparent and rich interactions between page content and ads, while preventing external access to sensitive data and providing more granular control over which creatives are rendered
I think you use synchronous rendering, try to change it to asynchronous
https://support.google.com/dfp_premium/answer/183282?hl=en
I'm building a similar solution to twitter's widget.
I was wondering if there is any way to allow others to change the style of the content within my iframe?
I know the same-origin policy exists, however I wonder if there is any header notice that I could emit with the iframe content to allow browsers ignoring the policy?
What about solution, when link to CSS file will be passed through URL parameter or (better solution in my opinion), create URL parameter for every customizable item like this?
?bgcolor=000000&fontcolor=ffffff
To your question about ignoring SOP, look at Cross-origin resource sharing:
HTTP access control (CORS)
Cross-Origin Resource Sharing
sory guys, click the first link you will see the image i been mark by red, after you click the second link, you will see the arrow.
1) http://s261.beta.photobucket.com/user/minaekoz/media/satu.png.html
2) http://s261.beta.photobucket.com/user/minaekoz/media/satua.png.html
Question :
That is social bookmarking site i use to promote my blog but i want to remove the plugin after somebody click that link in the first image.
how can i remove that plugin in the second image after user click the link at the first image?
*sory if my english so bad
I'm not sure how your page is embedded, I guess it's done using frames or an iframe? This would be important to know, but you'll most likely be able to use some javascript code like this (called in some element's onload event (e.g. <body>):
if (window.top != window.self)
window.top.location.replace(window.self.location.href);
I think you can add it through using a custom BlogSpot template or maybe with some of the widgets as well.
Probably you can't. That social bookmarking site will probably open your website in an IFRAME, and therefore, clicks in your page cause IFRAME navigation, and not browser navigation.
Since your site, and the IFRAME site are different, the javascript in your site cannot access the DOM (Document Object Model) in the other site because SOP (Same Origin Policy).
You can disallow that your website run in IFRAMEs by using the X-Frame-Options http header though, but I would leave it like that.
Cheers.
I want to allow some websites to embed an iframe with a page from my domain. However, I don't want anybody to be able to use the iframe content without my permissions. How can I allow only domains of my choice to be able to embed the iframe with the page's content?
I know vimeo does this, and allows video owners to block the video on certain websites that they don't find appropriate.
I want server side ASP.NET solution, because Javascript code can be altered. However if it can be done using javascript code and its secure, It's ok.
From what I've seen, I need to pass the referrer in some way, but in a way that can be manually altered by other website owners to include the iframe themselves and it would work on their website too, without a permission.
Since it will be a standalone page as you mentioned in the comments, you can do this by inspecting the referer property.
Request.UrlReferrer
See that it contains the domain that you want to allow. This property is available when an embedder puts your page in the IFRAME's SRC attribute and the page loads for the first time.
If the user clicks on a link inside the IFRAME, it is not guaranteed to pass the containing page as a referrer.
If you want to allow multiple linked pages inside the IFRAME to allow a specific domain, then you will need to stick to a JavaScript based solution.
Note however that neither method is completely foolproof.
I have to use an embedded search engine in my website which it has it's own style.Now i would like to change just the back-color of table which is presenting in my website. Can you please let me know if this is possible or not?
I already tried adding some style to the header of my page but the link still following the style from original stylesheet.
Thanks
That's not possible if the embedded page isn't served by the same domain (including port).
That's a security restriction.
If you want this kind of interaction, you'll need to have some control of the server of the embedded page in order to set permissions : https://developer.mozilla.org/en/http_access_control
Another (rogue) solution is to fetch the page server-side and to embed it directly in your page.