Is there any way to run a bookmarklet on an iFrame which is from a different domain?
For example, I have a page loaded from , which has an iFrame whose source is set to . When I run the bookmarklet, it is always run on , since that is the main page. I want to run it on the other iFrame though.
When I attempt to interact with the iFrame (e.g. by changing its source attribute to javascript:alert('test')), Chrome shows the following error:
Unsafe JavaScript attempt to access frame with URL from frame with URL . Domains, protocols and ports must match.
I tried dragging and dropping the bookmarklet into the frame, but it says:
Failed to load resource
Is there any way for me to interact with an iFrame using a bookmarklet in Chrome?
Is there any way to run a bookmarklet on an iFrame which is from a different domain?
For example, I have a page loaded from http://example., which has an iFrame whose source is set to http://example2.. When I run the bookmarklet, it is always run on http://example., since that is the main page. I want to run it on the other iFrame though.
When I attempt to interact with the iFrame (e.g. by changing its source attribute to javascript:alert('test')), Chrome shows the following error:
Unsafe JavaScript attempt to access frame with URL http://example. from frame with URL http://example2.. Domains, protocols and ports must match.
I tried dragging and dropping the bookmarklet into the frame, but it says:
Failed to load resource
Is there any way for me to interact with an iFrame using a bookmarklet in Chrome?
Share Improve this question edited Dec 9, 2011 at 13:41 NakedBrunch 49.4k14 gold badges74 silver badges98 bronze badges asked Dec 19, 2010 at 5:11 SensefulSenseful 91.7k72 gold badges327 silver badges486 bronze badges 1- Have you found the answer for your question? If yes would you please share it? – Ali Shakiba Commented Jun 4, 2011 at 13:28
3 Answers
Reset to default 4There is a way to do cross-domain message-passing (not arbitrary code execution) using window.postMessage, yet all a frame A can do to frame B (when they are not of the same origin) is passing it a message hoping that B has a callback function listening for this message.
So here if you control exemple2. (what's in the frame that don't get the bookmarklet), you can make the bookmarklet pass a message to the iframe and handle it in the iframe.
Else I don't think you have a solution here, except very plicated ones (like proxying).
Other links:
- In-depth article about same origin policy and its implementations in browsers
- A cross-browser, backward patible postMessage attempt (as jQuery plugin)
One option if you are not in control of the page or the iframe is to load the iframe into a new window. The src attribute of the iframe is available to read by the parent JS, which can then open a new tab or window. The user can then click on the bookmarklet a second time to load it into this new page.
iFrames have alot of security on them as do ajax calls.
Any attempt to use these in a cross-domain manner will result in a security error.
Imagine you were able to interact with other iFrames on different domains. You would be able to make an iFrame (like facebook login's page) that had width and height of 100% and add a function to execute on a submit event which would email you the username and pass before submitting.
So you're gonna have a lot of trouble acplishing what you're trying to do. You basically can't mess with a page that you don't own. You can use firebug to edit it with the html tab though.
Hope that helps