Forcing Javascript Off



mlse
Sep 1st, 2005, 12:08 PM
Hi.

I have a page on a website in development which contains an iFrame. In theory, anything could be specified as the source of the iFrame by a subscriber.

Is it possible to forcibly switch off all the "nasty bits" of a web page (i.e. javascript and vbscript) when including it in an iFrame? (For example, someone could easily write a page which, with a little javascript, would allow them to manipulate the document containing the iFrame.) In other words, I don't want to give people the green light to come and do some browser-hijacking via my website!

Cheers,
Mike.

Kor
Sep 1st, 2005, 12:41 PM
anything could be specified as the source of the iFrame by a subscriber.

I don't quite get it... Cross-referencing is not possible, so an iframe cannot interact with the parent page unless both are on the same domain.

mlse
Sep 1st, 2005, 12:56 PM
Ok, sorry! I think I explained myself badly - basically what I want to do is just to be able to forcibly switch off javascript in the thing in the iFrame - if that's possible!

thanks,
mike

Kor
Sep 1st, 2005, 01:43 PM
I still see your quote


for example, someone could easily write a page which, with a little javascript, would allow them to manipulate the document containing the iFrame

And the answer is still the same. NO, someone cannot manipulate the document containing the iframe, as the iframe cannot interfere with the parent, unless both are on the same domain...

For instance, if your page has some other web pages from other domains in an iframe, those pages cannot manipulate your parent page.

...if I understood your fears correctly...
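
Kor's answer above turns on whether the framed page and the parent share an origin, which browsers compare as scheme, host and port. As an added example that is not part of the original thread, the code below classifies subscriber-supplied iframe URLs against the embedding page's origin; the function names, the policy of refusing same-origin and non-http(s) sources, and all URLs are assumptions constructed for illustration.

```javascript
// Added example. PARENT_URL and every sample URL below are constructed.
const PARENT_URL = "https://www.example.com/members/page.html";

// Classify a subscriber-supplied iframe source against the embedding page.
// Policy (an assumption of this example): only http/https is accepted, and a
// source on the parent's own origin is refused, because that is the one case
// where script in the frame can reach the parent document.
function classifyFrameSource(rawSrc, parentUrl = PARENT_URL) {
  const parent = new URL(parentUrl);
  let target;
  try {
    // Resolve the way a browser does: a relative value is resolved against
    // the embedding page and therefore lands on the parent's origin.
    target = new URL(String(rawSrc).trim(), parent);
  } catch (err) {
    return { verdict: "reject", reason: "unparseable URL" };
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    return { verdict: "reject", reason: "scheme not allowed: " + target.protocol };
  }
  // URL.origin is scheme + host + port with default ports dropped, so
  // https://host and https://host:443 compare equal.
  if (target.origin === parent.origin) {
    return { verdict: "reject", reason: "same origin as parent", origin: target.origin };
  }
  return { verdict: "allow", reason: "cross-origin", origin: target.origin };
}

// Screen a list of submissions and return only the URLs that were allowed.
function allowedSources(list, parentUrl = PARENT_URL) {
  return list.filter((src) => classifyFrameSource(src, parentUrl).verdict === "allow");
}

const samples = [
  "https://other.example.net/widget.html", // different host
  "http://www.example.com/page.html",      // same host, different scheme
  "https://www.example.com:443/admin",     // default port: same origin
  "/members/profile.html",                 // relative: same origin
  " JavaScript:void(0)",                   // script URL, mixed case and padding
  "data:text/html,<p>hi</p>",              // inline document
];
for (const src of samples) {
  const r = classifyFrameSource(src);
  console.log(r.verdict.padEnd(6), r.reason.padEnd(30), JSON.stringify(src));
}
```

Run the same check on the server when the subscriber saves the URL, since a value validated only in the browser can be changed before it is stored.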

mlse
Sep 1st, 2005, 03:02 PM
Are you sure? Lol!

I have read somewhere that it is possible to manipulate elements of a web page by getting hold of the parent container (i.e. the web page containing the iFrame) ...

Perhaps this was someone trying to scare me though!

If you're sure that people can't do icky things to my web pages via an iFrame then I will take your word for it.