Since you people have helped me many times in the past with the iframes and have always given me solid advice, i thought i would try again. My website at: http://www.krillmeed.com/index.htmluses iframes, not the best design but my visitors like it. Works well apart from one thing. The blog which is hosted on the same domain is a Wordpress, people can view it but not login when its in the iframe. The same goes for the Database which is a Mediawiki, but is hosted on my other domain at http://lcarsmemoryalpha.com/index.html I have complete access to both of these.
I have read that i can allow access in Iframes to correct this either from Same-Origin or Allow-From. Is this possible? If so, what do i do and where do i put it? I have read different opinions and options, which i found confusing.
Can anyone help?
Last edited by krillmeed; 02-19-2013 at 12:15 PM..
I just tested it on my website. In the iframe, I put in the url of another website of mine that has a login. It worked good. I had to allow "forms". I'm still not so sure about the security issues of this. I never use <iframe> anyhow.
The demo also requires HTML5, so people with older browsers can't use it.
Thanks for that, never got too far with testing it, since the computer i use for working on my website still has XP which cannot use sandbox. I was hoping for something a little easier. I mean this is my index page at the moment:
Code:
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META HTTP-EQUIV="Content-Language" CONTENT="en-us">
<meta name="title" content="Krillmeeds star trek site" />
<meta name="description" content="A star trek nexus including images, screencaps, audio files, ecards, conventions list, forum, themes, software,videos,animations, scripts and tools to build your own star trek website. Even a star trek wiki" />
<meta name="keywords" content="Star trek, star trek waves, star trek images, star trek animations, star trek wiki, star trek forum, star trek ecards, star trek news, star trek conventions, star trek scripts, star trek themes, star trek software, star trek videos" />
<meta name="author" content="krillmeed" />
<meta name="owner" content="krillmeed" />
<meta name="copyright" content="(c) 2011 krillmeed" />
<LINK rel="stylesheet" href="lcars.css">
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript">AC_FL_RunContent = 0;</script>
<script src="AC_RunActiveContent.js" language="javascript"></script>
<script language="Javascript" src="lcarsindex.js" type= "text/javascript"></script>
<TITLE>Krillmeeds Star Trek site</TITLE>
</HEAD>
<BODY class=Template bgcolor=Black>
<div class=TopPanel>
<script language="javascript">AC_FL_RunContent = 0;</script>
<script src="AC_RunActiveContent.js" language="javascript"></script>
<script language="javascript">
if (AC_FL_RunContent == 0) {
alert("This page requires AC_RunActiveContent.js. In Flash, run \"Apply Active Content Update\" in the Commands menu to copy AC_RunActiveContent.js to the HTML output folder.");
} else {
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0','width','100%','height','100%','title','Top','src','pages/bars/top','quality','high','pluginspage','http://www.macromedia.com/go/getflashplayer','scale','exactfit','movie','pages/bars/top' ); //end AC code
}
</script>
<noscript>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="100%" height="100%" title="Top">
<param name="movie" value="pages/bars/top.swf">
<param name="quality" value="high">
<param name="SCALE" value="exactfit">
<embed src="pages/bars/top.swf" width="100%" height="100%" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" scale="exactfit"></embed>
</object></noscript>
</div>
<DIV ID=Buttons Class=Buttons></DIV>
<DIV Class=SidePanel>
<script language="javascript">AC_FL_RunContent = 0;</script>
<script src="AC_RunActiveContent.js" language="javascript"></script>
<script language="javascript">
if (AC_FL_RunContent == 0) {
alert("This page requires AC_RunActiveContent.js. In Flash, run \"Apply Active Content Update\" in the Commands menu to copy AC_RunActiveContent.js to the HTML output folder.");
} else {
AC_FL_RunContent(
'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0',
'width', '46%',
'height', '90%',
'src', 'pages/bars/side',
'quality', 'high',
'pluginspage', 'http://www.macromedia.com/go/getflashplayer',
'align', 'middle',
'play', 'true',
'loop', 'true',
'scale', 'ExactFit',
'wmode', 'transparent',
'devicefont', 'false',
'id', 'pages/bars/side',
'bgcolor', '#000000',
'name', 'pages/bars/side',
'menu', 'true',
'allowScriptAccess','sameDomain',
'movie', 'pages/bars/side',
'vertical-align: top', ''
); //end AC code
}
</script>
</DIV>
<DIV Class=InternalPage>
<IFRAME ID="PageContent" NAME="PageContent"
src="http://www.krillmeed.com/main.html" ID="PageContent" height=87% width=100% SCROLLING=AUTO FRAMEBORDER=0></IFRAME> </DIV>
<DIV ID=Cursor></DIV>
<INPUT TYPE=HIDDEN ID=SoundFlag><INPUT TYPE=HIDDEN ID=MouseFlag>
<SCRIPT Language=text/javascript>
var position = document.URL.indexOf('=')+1;
var length = document.URL.length;
var url = document.URL.substring(position, length);
isDOM=document.getElementById?true:false;
if ( isDOM ) {
document.getElementById('PageContent').src = url;
}
else {
PageContent.src = url;
}
if ( isDOM ) {
if ( document.getElementById("MouseFlag").value == "" ) {
HTMLText = "<IMG BORDER=0 Name=MouseToggle ID=MouseToggle src=\"images/MouseOff.gif\" onClick=\"ToggleMouse();\">";
document.getElementById("Buttons").innerHTML = HTMLText;
document.getElementById("MouseFlag").value = "SHOW";
}
else {
if ( document.getElementById("MouseFlag").value == "HIDE" ) {
HTMLText = "<IMG BORDER=0 Name=MouseToggle ID=MouseToggle src=\"images/MouseOn.gif\" onClick=\"ToggleMouse();\">";
document.getElementById("Buttons").innerHTML = HTMLText;
}
if ( document.getElementById("MouseFlag").value == "SHOW" ) {
HTMLText = "<IMG BORDER=0 Name=MouseToggle ID=MouseToggle src=\"images/MouseOff.gif\" onClick=\"ToggleMouse();\">";
document.getElementById("Buttons").innerHTML = HTMLText;
}
}
}
if ( isIE && isDOM ) {
if ( document.getElementById("SoundFlag").value == "" ) {
HTMLText = "<IMG BORDER=0 Name=MusicToggle ID=MusicToggle src=\"images/MusicOff.gif\" onClick=\"ToggleMusic();\">";
document.getElementById("Buttons").innerHTML = document.getElementById("Buttons").innerHTML + HTMLText;
document.getElementById("SoundFlag").value = "PLAY";
}
else {
if ( document.getElementById("SoundFlag").value == "STOP" ) {
HTMLText = "<IMG BORDER=0 Name=MusicToggle ID=MusicToggle src=\"images/MusicOn.gif\" onClick=\"ToggleMusic();\">";
document.getElementById("Buttons").innerHTML = document.getElementById("Buttons").innerHTML + HTMLText;
}
if ( document.getElementById("SoundFlag").value == "PLAY" ) {
HTMLText = "<IMG BORDER=0 Name=MusicToggle ID=MusicToggle src=\"images/MusicOff.gif\" onClick=\"ToggleMusic();\">";
document.getElementById("Buttons").innerHTML = document.getElementById("Buttons").innerHTML + HTMLText;
}
}
}
</SCRIPT>
<script type="text/javascript">
(function(){
function getQval(n) {
if(typeof n !== 'string'){
return null;
}
var r = new RegExp('[?&;]' + n + '=([^&;#]*)'), m = location.search;
return (m = r.exec(m))? unescape(m[1]) : null;
}
var f = getQval('frame'), s = getQval('src');
if(f && frames[f] && s && s.indexOf(location.protocol + '//' + location.hostname + '/') === 0){
frames[f].location.href = s;
}
})();
</script>
</BODY>
</HTML>
This is the index page that came with the download, which i presume i am going to have to incorporate into each other:
Code:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
<script>
window.onload = function() {
if( "sandbox" in document.createElement("iframe") ) {
sandboxSupported = true;
var element = document.getElementById( "support" );
element.setAttribute( "style", "display: none;" );
} else {
var element = document.getElementById( "options" );
element.setAttribute( "style", "display: none;" );
}
var checkboxes = document.getElementsByTagName( "input" );
for( i = 0; i < checkboxes.length; i++ )
{
checkboxes[i].addEventListener("click", reloadSandboxedFrame );
}
reloadSandboxedFrame();
};
function reloadSandboxedFrame() {
if( !sandboxSupported ) { return; }
var checkboxes = document.getElementsByTagName( "input" );
var sandbox = "";
for( i = 0; i < checkboxes.length; i++ ) {
if( checkboxes[i].checked ) {
sandbox += checkboxes[i].value + " ";
}
}
var iframe = document.getElementById( "theFrame" );
if( !iframe ) {
iframe = document.createElement( "iframe" );
iframe.setAttribute( "id", "theFrame" );
iframe.setAttribute( "scrolling", "no" );
iframe.setAttribute( "width", "100%" );
iframe.setAttribute( "height", "600" );
document.getElementById("page").appendChild(iframe);
}
iframe.setAttribute( "sandbox", sandbox );
iframe.setAttribute( "src", "untrusted.html" );
}
</script>
</head>
<body id="page">
<h1>HTML5 IFrame Sandbox Demo</h1>
<article>
<h2 id="support">Your browser does not support the sandbox attribute!</h2>
</article>
<section id="options">
<h3>Options to modify the sandbox</h3>
<p>Checking an option will reload the page in the IFRAME below with the modified sandbox</p>
<input name="allowJavaScript" type="checkbox" value="allow-scripts" />Allow JavaScript<br/>
<input name="allowForms" type="checkbox" value="allow-forms" />Allow Forms<br/>
<input name="allowSameOrigin" type="checkbox" value="allow-same-origin" />Allow Same Origin<br/>
<input name="allowTopNavigation" type="checkbox" value="allow-top-navigation" />Allow Top Navigation<br/>
<input name="allowPopups" type="checkbox" value="ms-allow-popups" />Allow Popups (Just IE10)<br/>
<h3>Untrusted.html hosted in a sandboxed IFRAME</h3>
</section>
</body>
</html>
I could be wrong, but it looks like it would be impossible with my limited experience. But thank you for your quick reponse all the same, very kind of you sir.
Last edited by krillmeed; 02-18-2013 at 06:48 PM..
Upload that demo as "test.html" after you change the line indicated below.
Windows xp doesn't matter. You browser matters. Look for the line that has "untested.html" in it. Change that to your website blog and see what happens. Use Chrome for your browser.
Tried it, it did open the blog in a iframe properly, but nothing happened at all when it tried to click on "Log in" or "Register". all the other links work correctly, also tried this in firefox and IE also did not work. Funny enough, it did work as it should with the Mediawiki database though, I could login and log out through the iframe no problem with Chrome.
I did some more reading and i think i have found the problem, The wiki database was simple enough, it just needed a P3P Compact Privacy Policy
in the header to work, the Wordpress had filters in it to stop it being used in iframes, having allowed from the same domain it now works. Thank you for all your help and advice.
Before you post, read our: 
Iframes allow_from
