开发者

From an iframe whose src is an external domain, what methods are available via the "parent" object?

开发者 https://www.devze.com 2023-03-15 12:57 出处:网络
I\'m aware of the cross-domain issue with iframes accessing the parent\'s DOM and vice-versa, however I found that the iframe can redirect it\'s parent to another location. Take a \"parent\" page for

I'm aware of the cross-domain issue with iframes accessing the parent's DOM and vice-versa, however I found that the iframe can redirect it's parent to another location. Take a "parent" page for example:

<!-- http://www.domain1.com -->
<iframe id="some_iframe" src="http://www.domain2.com"></iframe>

And the embedded content:

<!-- http://www.domain2.com -->
<html>
  <head>
    <title>I'm embedded</title>
  </head>
  <body>
    <input type="button" onclick="parent.location = 'http://www.domain3.com';" value="Redirect my parent to another site" />
  </body>
</html>

If the button within the embedded content is clicked, the parent is successfully redirected to a third URL. Obviously the embedded content 开发者_JAVA百科within the iframe has access to setting it's parent's location. However if I try to call any other methods on parent (e.g., "parent.outerHeight") I get "Unsafe JavaScript attempt to access frame with URL http://www.domain1.com/ from frame with http://www.domain2.com/. Domains, protocols and ports must match." in my JS console.

I'm curious what other methods besides "location", if any, is the embedded content able to call on it's parent object. Is there a listing of these public functions? Thanks.


This question is slightly browser-specific. With HTML5, there's a sanctioned way of communicating call postmessage. Here's a link for your review.

0

精彩评论

暂无评论...
验证码 换一张
取 消