Detect if an iframe went outside local website

Question

I have an iframe and using

    var isInSameDomain = (window.location.host == window.parent.location.host);

I can detect if the iframe is outside my website. or using an index of my site in an array.

But it always returns false. Because the iframe's src doesn't actually change when I don't modify the src directly.

Basically I have an iframe that goes to a local page with a link on it. When I click that link the iframe goes to that page. But when I retrieve the iframe's src it still gives me the local page's url rather than the page I clicked to. When I reload the iframe manually triggering the function I have set on load it still returns the src of the last page.

$(page).load(function(){
  console.log(page);
  handlePage();
});

function handlePage() {
  if(isUserOutside() == false) {
    $(backButton).attr('class','disabled'); 
  } else {
    $(backButton).attr('class',''); 
  }
}

function isUserOutside() {
/*for(var i = 0; i < pages.length; i++) {
    var _page = pages[i];
    if(canonicalize(_page) == _browser.src) {
      return false
      break;
    }
  }

  return true;*/ //The old code is in comments.
  return window.location.host != window.parent.location.host;
}

A good example would be this

It does change, are you sure you are running the code after the iframe has reloaded? However, note that you cannot access `location.host` from another server so you'll get a security error when that happens. Put a try catch around the code that is trying to access the iframe that may be pointing to a different server and you'll know if it's in a different domain — Ruan Mendes, Nov 09 '15 at 17:52
See http://stackoverflow.com/questions/21751377/foolproof-way-to-detect-if-this-page-is-inside-a-cross-domain-iframe — guest271314, Nov 09 '15 at 17:58
@JuanMendes I had an older way where I indexed all the pages and then just looped through them all and if it matched I'd ignore it but if none did I knew I was outside. This loop runs when the iframe gets done reloading or loading a page. — Ferdi, Nov 09 '15 at 18:52
I have very basic knowledge of iFrames but I know (from experience) that there's usually a better way to get the job done without using an iFrame because you run into issues similar to this all the time. iFrames are very limited because their security permissions only allow them access to pages within the domain of the page that they are embedded in (Strict cross-domain policies) — Jordan, Nov 09 '15 at 19:09
@Alex a link to my school's website works fine. But I can't detect that the iframe went there, the src doesn't change. — Ferdi, Nov 09 '15 at 19:10
@Ferdi Post what you have in your source code (in an edit to original question) — Jordan, Nov 09 '15 at 19:13
@Ferdi The code you posted is still not self contained. What is `page?` That does not sound like it's the iframe, you should be listening the the iframe's load, not the main page's — Ruan Mendes, Nov 10 '15 at 13:22
Page is the variable name of the iframe, a bit vague I know. — Ferdi, Nov 11 '15 at 11:21

Detect if an iframe went outside local website

0 Answers0