5

I'm loading a cross-domain page (that I have no control over) into an iframe.

I want to know if this results in a scrollbar appearing in the iframe on my page or not.

I'm getting the impression that this just cannot be done (in Firefox at least), through any kind of direct detection or clever deduction, due to cross-domain security policies.

Please only answer this question if you have direct experience successfully doing this yourself -- or trying everything and giving up.

(Those other discussions you want to refer me to don't work for cross-domain iframes with no control over the embedded page. And if you think jQuery must have something for this, please test it out first yourself to make sure.)

TIA -- I don't have an SO account to respond to your answers. (do now)

Patricia
  • Well, I was going to answer with a potential solution until I read the 4th paragraph of your question. Good luck, anyway. – Andy E Jan 17 '11 at 22:43
  • ...and I thought about not answering because of the last sentence ;) – Day Jan 17 '11 at 23:54

1 Answer

3

It is not possible to do this because of the browser's security model. If it was possible, that would be a security problem and would have to be fixed. See my complete answer to this similar question for a more complete explanation.

Day
  • I'm still logged in by chance. Thank you. Does Mozilla express your security doctrine anywhere that I can read — so as to confirm that I should give up all testing and all hope for all time! I ask this because I find that at least one other major browser does let you detect several scroll-related properties that Firefox doesn't. – Patricia Jan 18 '11 at 03:38
  • It is specified in HTML5 through the limitations of cross-origin window object access that any such way to detect this should throw SECURITY_ERR. All major browsers intend on following HTML5. – gsnedders Jan 18 '11 at 05:01
  • I'm finding a few documents at W3 on the general subject of cross-domain security, but they seem to deal with schemes to enable full AJAX-like messaging between domains, rather than specifying a prohibition on the simple detection of the foreign page's width and height and/or scrollbar status as rendered by the local page. (Doing this does not necessarily even require reading the foreign page's properties per se — the size can be determined by the effect of the foreign page on the local layout, and thus is not inherently "cross-domain communication".) – Patricia Jan 18 '11 at 08:30
  • Patricia: The SOP (Same Origin Policy) is not something defined by the W3 but by the browser vendors themselves. It does not change any of the specs issued by the W3 but implements security-related restrictions - e.g. window.parent still points to the parent, you just cannot call [[get]] on it without throwing an exception. You will not find any way to get the size without support from the other page - regarding its layout, this all happens within the wrapped page's viewport and so does not incur any changes to the wrapping document. – Sean Kinsey Jan 19 '11 at 22:42
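How the restriction described in the answer and comments shows up in script, as an added example that is not part of the original thread: the parent can read overflow state only when the frame is same-origin, and a cross-origin read fails with a security exception. The function name `probeFrameOverflow` and the two mock builders are hypothetical, and the mock windows are constructed stand-ins so the code also runs outside a browser.

```javascript
// Added example. The mock windows below are constructed stand-ins, not real
// browser objects; in a page you would pass iframe.contentWindow instead.

// Returns overflow state for a same-origin frame, or reports that the
// same-origin policy blocked the read.
function probeFrameOverflow(frameWindow) {
  try {
    // Cross-origin: this property read throws a SecurityError DOMException.
    const root = frameWindow.document.documentElement;
    return {
      readable: true,
      // Content larger than the viewport means the frame can scroll.
      vertical: root.scrollHeight > root.clientHeight,
      horizontal: root.scrollWidth > root.clientWidth,
    };
  } catch (err) {
    // 18 is the legacy DOMException.SECURITY_ERR code.
    if (err && (err.name === "SecurityError" || err.code === 18)) {
      return { readable: false, vertical: null, horizontal: null };
    }
    throw err; // unrelated failure: do not hide it
  }
}

// Constructed mock of a same-origin frame window.
function mockSameOriginWindow(scrollHeight, clientHeight) {
  return { document: { documentElement: {
    scrollHeight, clientHeight, scrollWidth: 300, clientWidth: 300 } } };
}

// Constructed mock of a cross-origin frame window: reading `document` throws.
function mockCrossOriginWindow() {
  const win = {};
  Object.defineProperty(win, "document", {
    get() {
      const err = new Error("Blocked access to a cross-origin frame.");
      err.name = "SecurityError";
      throw err;
    },
  });
  return win;
}

console.log(probeFrameOverflow(mockSameOriginWindow(1200, 400)));
console.log(probeFrameOverflow(mockCrossOriginWindow()));
```

The `readable: false` result is the only outcome available for a page the embedder does not control; the dimensions stay unknown to the parent.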