0

I'm trying to create an empty iframe fill it with some html-code (here: "Hello World") using javascript. The script file is hosted at domain a.com and loaded from a website at b.net.

All the other js code works but when I try to set the iframe's content, I get an cross origin error. Is there a propper workaround which works?

var node = document.createElement("iframe");
node.setAttribute("border", "0px");
node.setAttribute("sandbox", "");
node.setAttribute("id", "preload");
var obj = document.getElementsByTagName("footer")[0].appendChild(node);
node.contentWindow.document.open();
node.contentWindow.document.write("Hello World");
node.contentWindow.document.close();
cagcoach
  • 625
  • 7
  • 24
  • check https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage – Edwin Jul 18 '18 at 10:12
  • I don't want to _get_ content, I want to _set_ content. So the just created iFrame has no content... – cagcoach Jul 18 '18 at 10:12
  • But is this realy cross origin? Since the iFrame does have no src attribute, how can it have an origin? – cagcoach Jul 18 '18 at 10:13
  • @VDWWD If the question is a dublicate, why does removing "sandbox" then solve the problem? Actually the cross origin error is just misleading... – cagcoach Jul 18 '18 at 14:02

1 Answers1

0

It seems that "sandbox" does actually block the access to the document. Removing "sandbox" solved the problem.

cagcoach
  • 625
  • 7
  • 24