
javascript - inject script inside iframe of different domain - Stack Overflow


I was trying to inject a script inside an iframe element, trying to implement it this way. The child and parent do not belong to the same domain (I know XSS is prevented in the latest browsers). Is there any way to inject a script into the child element on a button click on the parent element? (Kind of similar to running scripts in the Chrome console.)

```javascript
var myIframe = document.getElementById("myIframeId");
var script = myIframe.contentWindow.document.createElement("script");
script.type = "text/javascript";
script.src = "randomshit.js";
myIframe.contentWindow.document.body.appendChild(script);
```

asked Feb 23, 2013 at 14:54 by Bhargav Krishna, edited Feb 23, 2013 at 15:17 by Mr.Me
  • No, the cross domain origin policy prohibits this. The pages can communicate using messages though. – Benjamin Gruenbaum Commented Feb 23, 2013 at 15:03
2 Answers

Nope. Same Origin Policy dates back to Netscape 2.0.

Unless you can hack/XSS the other site's files to inject the JS, you will have a hard time.

Now if you legitimately need to communicate with the other page, and you either have control of the other page or can set it up to communicate with your server, you can use window.postMessage, JSONP or even Ajax with CORS (the latter 2 will be harder to pass dynamic content though). But I believe it is not the case.
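The window.postMessage route mentioned above, as an added example that is not part of the original answer: the child page's message handler authenticates the sender by `event.origin` and dispatches only a fixed set of commands, so the parent never gets to run arbitrary script in the frame. The origins (`https://parent.example`, `https://child.example`) and the command names are assumptions made for illustration.

```javascript
// Added example: child-frame side of a cross-origin postMessage channel.
// ALLOWED_PARENT_ORIGINS and the command names are hypothetical.
const ALLOWED_PARENT_ORIGINS = new Set(["https://parent.example"]);

// Fixed command table: the parent selects a pre-defined action,
// it never supplies code for the child to execute.
const COMMANDS = {
  setTitle: (state, arg) => {
    if (typeof arg !== "string" || arg.length > 100) {
      return { ok: false, error: "bad-arg" };
    }
    state.title = arg;
    return { ok: true };
  },
  getTitle: (state) => ({ ok: true, value: state.title }),
};

// Pure function so the checks can be exercised without a browser.
function handleMessage(event, state) {
  // 1. Authenticate the sender: any window can post to this frame.
  if (!ALLOWED_PARENT_ORIGINS.has(event.origin)) return null; // drop, no reply
  // 2. Validate the message shape before touching its fields.
  const msg = event.data;
  if (msg === null || typeof msg !== "object" || typeof msg.cmd !== "string") {
    return { ok: false, error: "bad-message" };
  }
  // 3. Own-property lookup, so names like "constructor" do not resolve.
  if (!Object.prototype.hasOwnProperty.call(COMMANDS, msg.cmd)) {
    return { ok: false, error: "unknown-command" };
  }
  return COMMANDS[msg.cmd](state, msg.arg);
}

// Browser wiring for the child page (skipped outside a browser).
if (typeof window !== "undefined") {
  const state = { title: "" };
  window.addEventListener("message", (event) => {
    const reply = handleMessage(event, state);
    // Reply to the exact origin that was verified, never "*".
    if (reply) event.source.postMessage(reply, event.origin);
  });
}

// Parent side, for reference (explicit target origin, not "*"):
//   iframe.contentWindow.postMessage({ cmd: "setTitle", arg: "Hello" },
//                                    "https://child.example");
```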

Using a Chrome extension, add this to the manifest:

```json
{
  "matches": ["<all_urls>"],
  "all_frames": true,
  "js": ["captcha.js"]
}
```

And using the console you can use this:

```javascript
var firstIframe = window.frames[0];
console.log(firstIframe);

// Access the contentDocument of the iframe
var iframeDocument = firstIframe.document;

// Use jQuery within the iframe to select '.img-action-text' elements
var elements = $(iframeDocument).find('.img-action-text');
```
