从父页面访问子 iFrame DOM
这是交易:
domain.com/page -- 父页面 (document.domain=domain.com) 包含一个 iframe sub.domain.com/page -- 子 iframe (document.domain=not set) 位于子域上
有没有办法访问该 iframe 的 DOM 还是我运气不好?
同源策略是否会阻止我在父页面中包含的 iframe 上强制使用 document.domain?我想这会破坏同源策略的目的...如果是这种情况,是否有任何解决方法可以访问渲染的父页面上 iframe 的 DOM?
Here is the deal:
domain.com/page -- Parent page (document.domain=domain.com) contains an iframe
sub.domain.com/page -- Child iframe (document.domain=not set) is on a subdomain
Is there any way to access the DOM of that iframe or am I out of luck?
Does same origin policy block me from forcing a document.domain on an iframe contained within a parent page? I suppose that would defeat the purpose of the same origin policy... If that is the case, is there any workaround to access the DOM of the iframe on the rendered parent page?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这是一项浏览器安全措施,否则每个人都会包装您的银行网站并在您登录时窃取您的密码。
您可以从 iframe 与父级对话,但不能再次返回 iframe。
This is a browser security measure, otherwise everybody would be wrapping your banking websites and skimming off your passwords when you logged in.
You can talk from the iframe to the parent, but not back into an iframe again.
据我所知,你运气不好。不过,您可以使用 URL 中的 hash-bang 在它们之间进行对话,请参阅此进行体面的讨论。
You're out of luck, as far as I know. You can talk between them using the hash-bang in the URL though, see this for a decent discussion.
有一个办法。当 iframe 中的页面加载时,让它执行以下操作
这将在父页面(包含 iframe)的全局范围内创建一个函数。然后在父级中,只需具有以下内容
即可控制加载到 iframe 中的页面...如果不这样做,那么您就不走运了。
There is a way. When the page in the iframe loads, have it do the following
This will make a function in the global scope of the parent page (that contains the iframe). Then in the parent, just have the following
This is along as you have control of the page your loading into the iframe... if you do not, you are out of luck.