1

I am using a Node.js module with which I am creating an HTTP server. The server's response is a page containing JavaScript which embeds a webpage in an <iframe>. Here is the response code:

<html>
<head>
<script type='text/javascript'>
function test() {
    document.body.innerHTML = '<iframe id="ifool" src="URL" sandbox="allow-same-origin allow-forms allow-scripts"> </iframe>';
    var c;
    // Every 100 ms, read the iframe's current URL and mirror it in the parent's address bar
    window.setInterval(function () {
        c = document.getElementById("ifool").contentWindow.location.href;
        window.history.pushState(0, 0, c);
    }, 100);
}
</script>
</head>
<body onload="test()">
</body>
</html>

I am using Firebug with FF. I am getting the following error:

 Error: Permission denied to access property 'href'
    c=document.getElementById("ifool").contentWindow.location.href;
Naman
  • see here http://stackoverflow.com/questions/6690598/permission-denied-to-access-property-in-iframe – PSR Mar 29 '13 at 12:47
  • It appears this can also be due to having Firebug open: http://stackoverflow.com/a/2910650/376789 – jmar777 Mar 29 '13 at 12:48
  • Yes, I am using iframe – Naman Mar 29 '13 at 12:50
  • @jmar777: That answer is from 2010 … and I personally have never seen anything like this happen _only_ when Firebug was opened. Pretty sure it’s just the good old SOP … – CBroe Mar 29 '13 at 13:07

1 Answer

3

If the URL you are trying to access in your iframe is outside of your current page domain then you will not be able to do it. Modern browsers implement a Same Origin Policy which decides the permissions of JavaScripts when running cross site scripting.

When a parent and child come from the same domain, they have access to each other; the child can access and operate properties and methods of the parent, and vice-versa. However, when they don't, attempting such access will trigger script errors indicating Permission denied.

If I try running similar scripts with my page and iframe source pointing to pages hosted by node server, I get no permission errors.

Sources:

  1. http://www.esqsoft.com/javascript_examples/iframe_talks_to_parent/
  2. error : Permission denied to access property 'document'
  3. Access parent URL from iframe
  4. <iframe> javascript access parent DOM across domains?
Community
user568109
  • This applies even if you are on the same server but your parent uses http://localhost/app1 and your iframe uses http://servername/app2 (this caught me out when debugging) – apc Oct 23 '15 at 14:05
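
The origin comparison behind the answer and apc's comment above, as an added example that is not part of the original post: it models when a parent page may read an iframe's contentWindow.location.href. The function names and sample URLs are assumptions made for illustration, and document.domain relaxation is not modelled.

```javascript
// Added example: models the browser's same-origin decision for
// parent -> iframe access (e.g. reading contentWindow.location.href).
// originOf and canParentReadFrame are hypothetical names, not a browser API.

// An origin is (scheme, host, port); the path is not part of it.
function originOf(url) {
  const u = new URL(url);
  // Opaque origins (data:, file:, ...) serialise as "null" and never match.
  return u.origin === 'null' ? null : u.origin;
}

// `sandbox` is the iframe's sandbox attribute value,
// or undefined when the attribute is absent.
function canParentReadFrame(parentUrl, frameUrl, sandbox) {
  if (sandbox !== undefined) {
    const tokens = sandbox.toLowerCase().split(/\s+/).filter(Boolean);
    // Without allow-same-origin the framed document gets a unique opaque
    // origin, so even a same-site frame becomes cross-origin to its parent.
    if (!tokens.includes('allow-same-origin')) {
      return { allowed: false, reason: 'sandboxed into an opaque origin' };
    }
  }
  const p = originOf(parentUrl);
  const f = originOf(frameUrl);
  if (p === null || f === null) {
    return { allowed: false, reason: 'opaque origin' };
  }
  if (p !== f) {
    return { allowed: false, reason: `${p} != ${f}` };
  }
  return { allowed: true, reason: 'same origin' };
}

// Constructed sample cases; the sandbox string is the one from the question.
const SANDBOX = 'allow-same-origin allow-forms allow-scripts';
const cases = [
  ['http://localhost/app1', 'http://servername/app2', SANDBOX], // different host
  ['http://localhost/app1', 'http://localhost:8080/app2', SANDBOX], // different port
  ['http://localhost:80/app1', 'http://localhost/app2', SANDBOX], // default port
  ['http://localhost/app1', 'http://localhost/app2', 'allow-scripts'], // opaque
];
for (const [parent, frame, sandbox] of cases) {
  const r = canParentReadFrame(parent, frame, sandbox);
  console.log(`${parent} -> ${frame}: ${r.allowed ? 'allowed' : 'denied'} (${r.reason})`);
}
```
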