{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 放荡不羁爱自由 的问题《iframe cross-domain access》','https://www.manongdao.com/q-719241.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have an HTML page with an iframe included from a cross domain that doesn't belong to me.
I need to do some basic javascript modifications in the iframe (write value and fire up an event -> form processing).
Because of the same origin policy I'm not allowed to do this. However, I need to do it, so I'm searching for a workaround.
The solution is just important that I can run a script for myself. It is enough if it works in one browser and I don't need security for myself.
On my research I have found a lot of ways to break the same origin policy like document.location (in FF only with similar locations), JSONP/sendMessage (I need to be the owner of both domains) and so on, nothing that works with an iframe of a page that doesn't belong to me.
The only "workaround", if you can't make the other site include the relevant CORS headers, would be to fetch the iframe content server side and serve it as coming from your own domain.
The reason there isn't simpler workaround is due to why there is this same origin policy : to protect users.