开发者

How do I disable the access denied message when trying to do cross scripting into an iframe?

开发者 https://www.devze.com 2023-03-11 22:22 出处：网络

I have an iframe that points to a website ie. <iframe src=\'http://www.fish.com/\' id=\'fish\'>

相关专题：jquery xss

I have an iframe that points to a website ie.

<iframe src='http://www.fish.com/' id='fish'>

I have a html on my local pc that tries to click a button in the iframe:

alert ( $('#fish').contents().find('#myButton').length );

I have enabled cross site scripting in my browser and lowered security to the max. I still get access denied errors. I have tried in IE6, IE8, and Firefox. How can I remove this restriction? I am trying to test something, and understand the risks etc.

Here is an example:

http://jsfiddle.net/RSbja/

U开发者_运维技巧sing the exact code above.

Firefox needs the option signed.applets.codebase_principal_support set to true (about:config).

Chrome needs to get started with --disable-web-security

IE needs the option allow cross-domain access (...) under Extras -> Security

Those options will disable the security check for cross-domain access on XHR objects and iframes.