How can you access an external iframe's conten

2019-01-26 17:27发布

问题:

I have a page thusly:

<html>
    <head></head>
    <body>
        <iframe src="local.html"></iframe>
        <iframe src="http://www.google.com"></iframe>
    </body>
</html>

I've used the DOM to access the first iframe as a test (node.documentWindow) but when I try similar on the external iframe Firebug reports that access is denied.

I suspect this is for XSS protection, but is there a "safe" way to import the node so I can grab an element from that external page? Is there a way to explore the "document as rendered" or something?

Thanks!

回答1:

Nope. Cross domain security prevents this. The only way around is if the surrounding page, and the iframe, are on different subdomains on the same domain. In that case, you can use document.domain.

This is pretty much a given. Imagine the security implications if this were not the case. You could build an iframe containing a user's home banking page, and grab their password using keydown, for example. There's tons of possibilities of misuse.