CodingForums.com - View Single Post

Old Pedant · 01-24-2013, 01:02 AM

Clearly there is *NOTHING* you can do if the contents of the <iframe> are not coming from the *SAME SITE* and the *SAME SECURITY LEVEL* as the main page.

I see that the URL for the <iframe> starts with "https://".

Let's pretend the full URL is something like "https://www.sitex.com/page32.php"

That means that, in order for you to be able to use JavaScript to affect it *AT ALL*, the URL of the main page (the one containing the <iframe> *MUST* be
"https://www.sitex.com/...and only this part can differ..."

Sorry, but those are the rules. It is called "cross site scripting" and is disallowed by all browsers.

01-24-2013, 01:02 AM	PM User \| #7
Old Pedant Supreme Master coder! Join Date: Feb 2009 Posts: 23,556 Thanks: 62 Thanked 4,055 Times in 4,024 Posts	Clearly there is NOTHING you can do if the contents of the <iframe> are not coming from the SAME SITE and the SAME SECURITY LEVEL as the main page. I see that the URL for the <iframe> starts with "https://". Let's pretend the full URL is something like "https://www.sitex.com/page32.php" That means that, in order for you to be able to use JavaScript to affect it AT ALL, the URL of the main page (the one containing the <iframe> MUST be "https://www.sitex.com/...and only this part can differ..." Sorry, but those are the rules. It is called "cross site scripting" and is disallowed by all browsers. __________________ An optimist sees the glass as half full. A pessimist sees the glass as half empty. A realist drinks it no matter how much there is.