Iframe – contents hijacking parent?

@jofloMay 14.2008

Hi,

I’m wondering if browsers restrict 3rd party Iframe contents from accessing the parent?

I’m using an Iframe to allow privileged users to navigate through external sites. I just want to make sure that a malicious site wouldn’t be able to invoke any action on the parent page with the Iframe? Eg navigate to a link on the parent page, access the parent page’s querystring, call a javascript function on the parent page etc.

Thanks

to post a comment

JavaScript

1 Comments(s) _↴

@A1ien51May 15.2008 — #JavaScript has a same domain policy. If the page is from a different domain, it can not access the parent. The iframe can have a frame breaker in it and replace your page and there is nothing you can do about that.

Eric

Also in #JavaScript _↴

Help with list of radio buttons w/ last one including an input field JavaScript Help?Image map w/ multiple mouseover events

Success!

Help @joflo spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.26,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

Iframe – contents hijacking parent?

1 Comments(s) _↴

Also in #JavaScript _↴

Success!

Social

Version

Iframe – contents hijacking parent?

1 Comments(s) ↴

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

1 Comments(s) _↴

Also in #JavaScript _↴