0

I need to load a page, www.example2.com/page.html, inside an iframe located at www.mysiteexample.com.When the page is loaded I need to simulate a click inside the iframe, searching by element id.

Is it possible to bypass cross-site scripting?

This is my script, that doesn't work:

function onMyFrameLoad() {
  $("#iframe").contents().find("#btn-to-push").click();
};

<iframe id='iframe' src="http://www.example2.com/page.html" onload="onMyFrameLoad(this)"></iframe>
Rory McCrossan
  • 331,213
  • 40
  • 305
  • 339
Giuseppe Lodi Rizzini
  • 1,045
  • 11
  • 33
  • 7
    No this is not possible, for obvious security reasons. – Rory McCrossan Dec 03 '19 at 14:21
  • 2
    You should *never* need to bypass XSS securities. – Seblor Dec 03 '19 at 14:24
  • If you own both of those, you can look into `window.postMessage()`. https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage – Lain Dec 03 '19 at 14:24
  • What is the end result that you're looking to accomplish? *Why* do you need to push the button in the iframe? What does it do? – wahwahwah Dec 03 '19 at 14:25
  • @wahwahwah i need to do an automation from my webapp: actually it login to site2 with curl request to access to a private page based on username and password already saved on site1... on this private page then I need to simulate a click to execute a script. this script do some magic....then from site1 I can do another curl to get updated results to save to site1 db – Giuseppe Lodi Rizzini Dec 03 '19 at 14:29
  • 2
    does website2 expose an API? This is the job for that kind of architecture. The kind of workaround you are trying to put in place is not a good idea at all – Lelio Faieta Dec 03 '19 at 14:35
  • @LelioFaieta no, it is an "abandoned" website. but working with data we need – Giuseppe Lodi Rizzini Dec 03 '19 at 14:51
  • Take a look at [this post "auto login site inner in iframe"](https://stackoverflow.com/questions/11878947/auto-login-remote-site-inner-in-iframe) – wahwahwah Dec 03 '19 at 16:54
  • @wahwahwah i already done my own login with curl and it works. my needs is to "click" using jquery a button inside iframe (external website) – Giuseppe Lodi Rizzini Dec 04 '19 at 07:54

0 Answers0