{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 神经病院院长 的问题《Drag and drop cross domains, iframes, browsers win》','https://www.manongdao.com/q-572479.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Thanks stackoverflow i solved a lot of my javascript problems, but now i stopped at the point without hope. It is hard to describe, there is clear video shows my problem with drag drop cross-domains iframe.
http://www.youtube.com/watch?v=v65mO27h75E
- First part in Iceweasel (and FF, Opera) = iframe d&d work OK.
- Second part in Chromium (and Chrome) = iframe d&d NOT work.
and there are links to example iframes set and iframes sources:
- parent page: http:// msdrop.com/msdrop-jquery-test-iframe-frameset.htm
- iframe A: http:// msdrop.com
- iframe B: http:// nextgd.com/msdrop-jquery-test-iframe.htm
Is it Chrome bug, or security that comes under "Same origin policy"? This is strange because d&d works excellent between two windows, and want not work at all from parent window to iframe.
Thanks for suggestions. Piotr
EDIT: It's possible Chrome/Chromium security mitigation is overly broad. Issue 251718: https://code.google.com/p/chromium/issues/detail?id=251718
Now, at: http://msdrop.com/msdrop-jquery-test-iframe-frameset.htm there are 4 iframes
In FF, all frames works that i expects.
In Chrome, and Chromium only on iframe A works all dragover, dragenter, dragleave, and drop events.
i think i found answer, drag and drop events works on iframe when open Chromium or Chrome without restrictions.
chromium-browser --disable-web-security
google-chrome --disable-web-security
But if it is about Google Chrome "web security", why JavaScript Console do not show any info or warrning, and why drag and drop works excellent between two windows, drag and drop works even from firefox to chrome.
edit: Google Chrome: "You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer." so flag works but is unsupported?
I do not understand.
Adding sandbox="allow-scripts" to the iframe element solves this issue for me.
eg: