I know that for protection of the client you can do very little on the contentWindow and contentWindow.document property of the iframe, but what exactly is possible?
Edit: I should have clarified that it's cross-domain.
Asked
Active
Viewed 425 times
1
-
5what exactly you want to know? Everything is possible if it's on the same domain. – Okan Kocyigit Apr 06 '12 at 21:18
-
@ocanal Which methods and fields I can access – Pieter Bos Apr 06 '12 at 21:46
-
1You can get the URL of the document, and the size of the window, and that's it. Anything else would violate the "same origin" policy. You can find more information here: http://stackoverflow.com/questions/6094514/javascript-iframe-security-permission-denied-when-tring-to-access-a-js-funct – uotonyh Apr 06 '12 at 21:47
-
1Also, here is a long but well-thought-out discussion as well as techniques outlined here: http://softwareas.com/cross-domain-communication-with-iframes – uotonyh Apr 06 '12 at 21:50