inject script inside iframe of different domain

Asked 23/2, 2013 at 14:54 Answered 23/11, 2023 at 15:33

i was trying to inject script inside an iframe element trying to implement this way, child and parent does not belong to same domain (i know XSS is prevented in latest browsers) is there any way to inject script to child element of button click on parent element. (kinda similar running scripts in chrome console)

var myIframe = document.getElementById("myIframeId");
var script = myIframe.contentWindow.document.createElement("script");
script.type = "text/javascript";
script.src = "randomshit.js";
myIframe.contentWindow.document.body.appendChild(script);

Coverley answered 23/2, 2013 at 14:54 Comment(1)

No, the cross domain origin policy prohibits this. The pages can communicate using messages though. – Bookmark 23/2, 2013 at 15:3

Nope. Same Origin Policy dates back to Netscape 2.0.

Unless you can hack/XSS the other site's files to inject the JS, you will have a hard time.

Now if you legitimately need to communicate with the other page, and you either have control of the other page or can setup it to communicate with your server, you can use window.postMessage, JSONP or even Ajax with CORS (latter 2 will be harder to pass dynamic content though). But I believe it is not the case.

Haya answered 23/2, 2013 at 15:7 Comment(0)

using chrome extension add this to manifest { "matches": ["<all_urls>"], "all_frames": true, "js": ["captcha.js"] } and using console you can use this: `var firstIframe = window.frames[0]; console.log(firstIframe);

// Access the contentDocument of the iframe var iframeDocument = firstIframe.document;

// Use jQuery within the iframe to select '.img-action-text' elements var elements = $(iframeDocument).find('.img-action-text');`

Audile answered 23/11, 2023 at 15:33 Comment(0)

Recommended topics

Hot tags