TL;DR: Can I switch off XSS protection in Internet Explorer in a controlled environment so I can manipulate the DOM inside IFRAMES?
I am creating a kiosk for our public computers in our reception area which allows our users to browse our website as well as a few other local government related sites (ones that help with planning, building licences etc).
The kiosk "application" itself consists of a menu at the top and an iframe at the bottom - the intent is that the menu is always there and allows users to select another site, log off, print, etc. Hence why the sites that they are browsing will appear in an iframe.
Some of these websites (our's included*), make pdf files and external links pop open in a new browser window. Obviously this will break the "kiosk" experience. What I want to know is; is there a way that I can bypass the XSS protection that prevents you from modifying the DOM of an IFRAME - so that I can force these windows to open in the current IFRAME instead?
Please understand that I don't want to "block" the popups, just have a greater degree of control as to the behaviour of the browsing session.
Also note: this application is designed to run in a known environment that we have complete control over (i.e. it's not like it has to work in the wild). So any suggestions that require plugins, registry hacks or third party applications are A-OKAY :)
*yes, I know, I know, I will fix the whole popup thing when I get to do a redesign later in the year