I'm currently investigating whether it's possible to write a html/aspx page which contains an iframe which can read values entered in text boxes etc.
Some of the knowns are:
This will only need to work with IE 7/8
I have no control over the pages contained in the iframe
The pages in the iframe are from a different domain
I've tried this with a nested page from the same domain and it works fine; I can read the value of a textbox and display it in a messagebox fine. When I try it with a page from a different domain I get an 'Access Denied' error from IE.
For reference the code I'm using to access form elements of the page in the iframe is as follows:
var iframe = document.getElementById("myIframe");
var textBox = iframe.contentWindow.document.getElementById("txtTest");
alert(textBox.value);
I understand that this may not be possible, by design, for security reasons but just want to check first that there's no workarounds before abandoning this idea.
No you can access iframes only if they are in the same domain of the main page.
AFAIK for security reasons you cannot manipulate the parent DOM from an IFrame hosted on a different domain.
Related
I'm using the fetch API to display a webpage inside of a floating widget. The page has a form on it that uses viewstate. It works fine if the widget is on the same domain as the page I'm fetching, but if I put the widget on a different domain, then I get an invalid viewstate error. I have tried several things to resolve the issue, but none work. Does anyone know if it's possible to get this working?
No. If by your definition of widget you mean something like an iframe then this would cause issues regarding XSS if you are trying to manipulate data between the parent frame and iframe, it wouldn't if the domain was the same though due to the same-origin policy.
I have a web site with number of pages, developing in asp.net.
I have a page URL's like:
example:
1) http://www.xyz.com/Home.aspx
2) http://www.xyz.com/Index.aspx
3) http://www.xyz.com/viewMember?Name=abc&id=1
But the end user is at any page, i would like to show the URL like "http://www.xyz.ie".
Is there any setting in web.config ? If not, is there any other way ?
Please help me...
Thanks in advance.
Jagadi
You can not keep one single URL for different page - but you can do some tricks to simulate it.
To make the url stay the same, but the content change, you need to make some trick.
I am not recommend, search engines they will not follow what you do and they show each page different, user can not make bookmark, and average user can easy find the real url of the page, even with one different click on the browser can find it.
One trick is to use frames, or iframes. On the main page you load all the rest inside an iframe, or inside a frame.
Second trick is to use ajax to load each other content.
And finally you can use session to know what to show on the user, user did not change links, but make post back that change the content.
I want to allow some websites to embed an iframe with a page from my domain. However, I don't want anybody to be able to use the iframe content without my permissions. How can I allow only domains of my choice to be able to embed the iframe with the page's content?
I know vimeo does this, and allows video owners to block the video on certain websites that they don't find appropriate.
I want server side ASP.NET solution, because Javascript code can be altered. However if it can be done using javascript code and its secure, It's ok.
From what I've seen, I need to pass the referrer in some way, but in a way that can be manually altered by other website owners to include the iframe themselves and it would work on their website too, without a permission.
Since it will be a standalone page as you mentioned in the comments, you can do this by inspecting the referer property.
Request.UrlReferrer
See that it contains the domain that you want to allow. This property is available when an embedder puts your page in the IFRAME's SRC attribute and the page loads for the first time.
If the user clicks on a link inside the IFRAME, it is not guaranteed to pass the containing page as a referrer.
If you want to allow multiple linked pages inside the IFRAME to allow a specific domain, then you will need to stick to a JavaScript based solution.
Note however that neither method is completely foolproof.
I have to use an embedded search engine in my website which it has it's own style.Now i would like to change just the back-color of table which is presenting in my website. Can you please let me know if this is possible or not?
I already tried adding some style to the header of my page but the link still following the style from original stylesheet.
Thanks
That's not possible if the embedded page isn't served by the same domain (including port).
That's a security restriction.
If you want this kind of interaction, you'll need to have some control of the server of the embedded page in order to set permissions : https://developer.mozilla.org/en/http_access_control
Another (rogue) solution is to fetch the page server-side and to embed it directly in your page.
I am working on a project in drupal in which i have an iframe loaded in another website.
I need to get the url from the address bar.
e.g., lets say i have a website embedded in the iframe as example.com...and another site embedding this iframe has the domain as abcd.com
So, the url that gets formed on accessing any content in the iframe would be like..
abcd.com/#/
I need to get this URL in the iframe.
Please help me resolving this problem. I am tryin to write a custom module for this but dunno how to proceed.
You cannot access the URL of an iframe from the outside. Think about potential XSS attacks that could occur from that:
http://yourbankingsite/account?sessid=2239872379092FEAACC2390823
Of course, this is a bad way to store the session id, but there are quite a few (and popular) sites that do this. If you had access to the iframe URL, a malicious website could be nothing but said iframe and a script to harvest the session ID.
In your iframe you could add a variable to the iframe url and use drupal 'current_path' to get the url of the iframe's parent. Then you could retrieve this variable from your iframe page(and make sure you validate it before you use it). i.e.
www.iframsite.com/iframepage?from=<?php print current_path(); ?>