Topic awaiting preservation: Accessing the Contents of an iFrame (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=24426" title="Pages that link to Topic awaiting preservation: Accessing the Contents of an iFrame (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Accessing the Contents of an iFrame <span class="small">(Page 1 of 1)</span>\$

Iron Wallaby Paranoid (IV) Inmate From: USA Insane since: May 2004	posted 12-17-2004 06:06 I am trying to access the HTML of a page loaded into an iframe. However, I am not familiar enough with the DOM to get it to work right... is it possible? code: <html> <head> <title>iframe test</title> <style type="text/css"> iframe { width: 640px; height: 480px; } </style> <script type="text/javascript"> function init() { document.getElementById("source").onload = function() { // -> document.body.innerHTML += document.getElementById("source").body.innerHTML; } open("http://www.google.com/"); } function open(url) { document.getElementById("source").src = url; } </script> </head> <body onload="init();"> <iframe id="source" src="about:blank"></iframe> </body> </html> The commented line of code is the one I can't get working... it should be fairly obvious what I'm trying to do. Help is greatly appreciated. "Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke "Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling
bitdamaged Maniac (V) Mad Scientist From: 100101010011 <-- right about here Insane since: Mar 2000	posted 12-17-2004 06:31 For security purposes, you can't access frames across domains, I'd assume this counts for system frames like about:blank. I'm not sure the getElementById thing will work I think you need to target the frame name not the id. .:[ Never resist a perfect moment ]:. (Edited by bitdamaged on 12-17-2004 06:33)
Iron Wallaby Paranoid (IV) Inmate From: USA Insane since: May 2004	posted 12-19-2004 01:50 Yes, you're right; if I treat it as a frame instead of an object, I can modify it's attributes. Hmm... can I get more information about frames across domains? I don't know where to begin looking for information on this. I ask since I was writing a simple webcrawler for the Colors 20lines compo... I wanted to create a program to gather color statistics from HTML pages. My current code is: code: <html> <head> <title>Javascript Webcrawler</title> <style type="text/css"> iframe { width: 40em; height: 30em; } </style> <script type="text/javascript"> var queue = []; function process() { var i, location; // testing... alert(frames["myFrame"].document.links.length); // Prompt for pages to visit if we are out. // Die if none given. if(queue.length == 0) if(location = prompt('Enter initial location to crawl:')) queue.push(location); else return false; // Hop to that page! frames["myFrame"].location.href = queue.pop(); } </script> </head> <body> <iframe name="myFrame" src="about:blank" onload="process();"></iframe> </body> </html> "Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke "Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling (Edited by Iron Wallaby on 12-19-2004 01:51) (Edited by Iron Wallaby on 12-19-2004 01:53)
zavaboy Bipolar (III) Inmate From: f(x) Insane since: Jun 2004	posted 12-19-2004 04:54 I've been able to get source from remote websites via frames, take a look at my question about it.
Iron Wallaby Paranoid (IV) Inmate From: USA Insane since: May 2004	posted 12-19-2004 06:09 That is helpful for a lot of things, but I'm running into the exact same security problems as before. But I somehow missed that last time, thanks! bookmarked Now, if I run it locally (only works in Mozilla/Firefox), and ask it to query http://www.google.com/, it gives me a permission denied. It does, however work correctly when I query a local file on my hard drive. "Error: uncaught exception: Permission denied to call method XMLHttpRequest.open" code: <html> <head> <title>HTTP Requests</title> <script type="text/javascript"> var xmlhttp = new XMLHttpRequest(); xmlhttp.open("GET", prompt("Enter a URL to grab."), true); xmlhttp.onreadystatechange = function() { if(xmlhttp.readyState == 4) alert(xmlhttp.responseText); } xmlhttp.send(null); </script> </head> <body> </body> </html> [edit] This "problem" is described in the ADC. "Security Issues When the XMLHttpRequest object operates within a browser, it adopts the same-domain security policies of typical JavaScript activity (sharing the same "sandbox," as it were). This has some important implications that will impact your application of this feature. First, on most browsers supporting this functionality, the page that bears scripts accessing the object needs to be retrieved via http: protocol, meaning that you won't be able to test the pages from a local hard disk (file: protocol) without some extra security issues cropping up, especially in Mozilla and IE/Windows. In fact, Mozilla requires that you wrap access to the object inside UniversalBrowserRead security privileges. IE, on the other hand, simply displays an alert to the user that a potentially unsafe activity may be going on and offers a chance to cancel. Second, the domain of the URL request destination must be the same as the one that serves up the page containing the script. This means, unfortunately, that client-side scripts cannot fetch web service data from other sources, and blend that data into a page. Everything must come from the same domain. Under these circumstances, you don't have to worry about security alerts frightening your users." http://developer.apple.com/internet/webcontent/xmlhttpreq.html [/edit] "Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke "Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling (Edited by Iron Wallaby on 12-19-2004 06:10) (Edited by Iron Wallaby on 12-19-2004 06:12) (Edited by Iron Wallaby on 12-19-2004 06:43)
Iron Wallaby Paranoid (IV) Inmate From: USA Insane since: May 2004	posted 12-19-2004 07:03 Okay, I solved it (still only for Mozilla, but this is acceptable for me, it's for my own fun). The way is to request special privileges from the user. For more reference, check out: http://www.mozilla.org/projects/security/components/signed-scripts.html . Use at your own risk, etc. code: <html> <head> <title>HTTP Requests</title> <script type="text/javascript"> netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); var request = new XMLHttpRequest(); request.open("GET", prompt("Enter a URL to grab.")); request.onreadystatechange = function() { if(request.readyState == 4) alert(request.responseText); } request.send(null); </script> </head> <body> </body> </html> "Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke "Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling (Edited by Iron Wallaby on 12-19-2004 07:03)

Topic awaiting preservation: Accessing the Contents of an iFrame (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=24426" title="Pages that link to Topic awaiting preservation: Accessing the Contents of an iFrame (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Accessing the Contents of an iFrame <span class="small">(Page 1 of 1)</span>\$

Iron Wallaby
Paranoid (IV) Inmate

From: USA
Insane since: May 2004

posted 12-17-2004 06:06

I am trying to access the HTML of a page loaded into an iframe. However, I am not familiar enough with the DOM to get it to work right... is it possible?

code:

<html>

	<head>

		<title>iframe test</title>



		<style type="text/css">

			iframe {

				width: 640px;

				height: 480px;

			}

		</style>



		<script type="text/javascript">

			function init() {

				document.getElementById("source").onload = function() {

					// -> document.body.innerHTML += document.getElementById("source").body.innerHTML;

				}



				open("http://www.google.com/");

			}



			function open(url) { document.getElementById("source").src = url; }

		</script>

	</head>



	<body onload="init();">

		<iframe id="source" src="about:blank"></iframe>

	</body>

</html>

The commented line of code is the one I can't get working... it should be fairly obvious what I'm trying to do. Help is greatly appreciated.

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 12-17-2004 06:31

For security purposes, you can't access frames across domains, I'd assume this counts for system frames like about:blank.

I'm not sure the getElementById thing will work I think you need to target the frame name not the id.

.:[ Never resist a perfect moment ]:.

(Edited by bitdamaged on 12-17-2004 06:33)

Iron Wallaby
Paranoid (IV) Inmate

From: USA
Insane since: May 2004

posted 12-19-2004 01:50

Yes, you're right; if I treat it as a frame instead of an object, I can modify it's attributes.

Hmm... can I get more information about frames across domains? I don't know where to begin looking for information on this. I ask since I was writing a simple webcrawler for the Colors 20lines compo... I wanted to create a program to gather color statistics from HTML pages.

My current code is:

code:

<html>

	<head>

		<title>Javascript Webcrawler</title>



		<style type="text/css">

			iframe {

				width: 40em;

				height: 30em;

			}

		</style>



		<script type="text/javascript">

			var queue = [];



			function process() {

				var	i,

					location;



				// testing...

				alert(frames["myFrame"].document.links.length);



				// Prompt for pages to visit if we are out.

				// Die if none given.

				if(queue.length == 0)

					if(location = prompt('Enter initial location to crawl:'))

						queue.push(location);



					else return false;



				// Hop to that page!

				frames["myFrame"].location.href = queue.pop();

			}

		</script>

	</head>



	<body>

		<iframe name="myFrame" src="about:blank" onload="process();"></iframe>

	</body>

</html>

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

(Edited by Iron Wallaby on 12-19-2004 01:51)

(Edited by Iron Wallaby on 12-19-2004 01:53)

zavaboy
Bipolar (III) Inmate

From: f(x)
Insane since: Jun 2004

posted 12-19-2004 04:54

I've been able to get source from remote websites via frames, take a look at my question about it.

Iron Wallaby
Paranoid (IV) Inmate

From: USA
Insane since: May 2004

posted 12-19-2004 06:09

That is helpful for a lot of things, but I'm running into the exact same security problems as before. But I somehow missed that last time, thanks! *bookmarked*

Now, if I run it locally (only works in Mozilla/Firefox), and ask it to query http://www.google.com/, it gives me a permission denied. It does, however work correctly when I query a local file on my hard drive.

"Error: uncaught exception: Permission denied to call method XMLHttpRequest.open"

code:

<html>

	<head>

		<title>HTTP Requests</title>



		<script type="text/javascript">

			var xmlhttp = new XMLHttpRequest();



			xmlhttp.open("GET", prompt("Enter a URL to grab."), true);



			xmlhttp.onreadystatechange = function() {

				if(xmlhttp.readyState == 4)

					alert(xmlhttp.responseText);

			}



			xmlhttp.send(null);

		</script>

	</head>



	<body>

	</body>

</html>

[edit]

This "problem" is described in the ADC.

"Security Issues

When the XMLHttpRequest object operates within a browser, it adopts the same-domain security policies of typical JavaScript activity (sharing the same "sandbox," as it were). This has some important implications that will impact your application of this feature.

First, on most browsers supporting this functionality, the page that bears scripts accessing the object needs to be retrieved via http: protocol, meaning that you won't be able to test the pages from a local hard disk (file: protocol) without some extra security issues cropping up, especially in Mozilla and IE/Windows. In fact, Mozilla requires that you wrap access to the object inside UniversalBrowserRead security privileges. IE, on the other hand, simply displays an alert to the user that a potentially unsafe activity may be going on and offers a chance to cancel.

Second, the domain of the URL request destination must be the same as the one that serves up the page containing the script. This means, unfortunately, that client-side scripts cannot fetch web service data from other sources, and blend that data into a page. Everything must come from the same domain. Under these circumstances, you don't have to worry about security alerts frightening your users."

http://developer.apple.com/internet/webcontent/xmlhttpreq.html

[/edit]

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

(Edited by Iron Wallaby on 12-19-2004 06:10)

(Edited by Iron Wallaby on 12-19-2004 06:12)

(Edited by Iron Wallaby on 12-19-2004 06:43)

Iron Wallaby
Paranoid (IV) Inmate

From: USA
Insane since: May 2004

posted 12-19-2004 07:03

Okay, I solved it (still only for Mozilla, but this is acceptable for me, it's for my own fun). The way is to request special privileges from the user.

For more reference, check out: http://www.mozilla.org/projects/security/components/signed-scripts.html .

Use at your own risk, etc.

code:

<html>

	<head>

		<title>HTTP Requests</title>



		<script type="text/javascript">

			netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");



			var request = new XMLHttpRequest();



			request.open("GET", prompt("Enter a URL to grab."));



			request.onreadystatechange = function() {

				if(request.readyState == 4)

					alert(request.responseText);

			}



			request.send(null);

		</script>

	</head>



	<body>

	</body>

</html>