• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1434
  • Last Modified:

Using Javascript to fill out a form inside an iframe html-element

The code snippet shows what I'm trying to do.
I want to use javscript to manipulate the html elements that lie inside an iframe.
However, the code produces an javascript "Access denied" error. Any attempt to access the elemtns within the iframe fail like this. A quick search on the internet reveals, that this is because the parent document and the iframe src are from two completely different domains.

According to this link "http://www.dyn-web.com/tutorials/iframes/", the restriction can be eased, but supposedly its only if one domain is a subdomain of the other. I tried, but it didn't work. I essentially just tried to set the parents document.domain variable equals to the domain of the page inside the iframe.

So, is there any other way I can access the iframe elements from the parent document?
var tmp = window.frames[0].document.getElementByName('Username');

Open in new window

0
uhm179
Asked:
uhm179
  • 3
1 Solution
 
uhm179Author Commented:
Okay, I stumbled across a post on some forum about cross-site scripting:

"It's not crazy as it's for security reasons. If cross-domain access was allowed, I could easily craft a script which grabs say session data from all users on a site, or even create a keylogger, and then sends all gathered data to my own site. Given that I can inject it on your site or one accessed via it.

Yes, you'll have to use a serverside script to "bounce" off-site access, as you can have greater control that way."

So, what I'm doing is prohibited for security reasons. But it seems I can achieve what I want indirectly.
What doese he mean with "serverside script to "bounce" off-site access" ?
0
 
Michel PlungjanIT ExpertCommented:
It is called a proxy.

Change the call to the page in the iframe to a call to a server process on your site.
then get the iframe page and serve it as your own page
0
 
uhm179Author Commented:
Thx for the info. While not directly helpful, the word "proxy" enabled me to conduct a better search on the internet, leading me to a site, that covers the iframe cross-scripting problem in great detail with a working solution:

http://pipwerks.com/journal/2008/11/30/iframes-and-cross-domain-security-part-2/
0
 
uhm179Author Commented:
your post, while not directful helpful, did point me in the right direction. Proxy was the keyword, and it enabled me to find a complete guide on working around the ifram cross-scripting problem.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now