I would like to add an iframe to my webpage. The problem is that there are several malicious scripts and ads in the iframe. Is there a way to block certain scripts (like Adblock does) using HTML or JavaScript?
Asked
Active
Viewed 286 times
0
Yves Gurcan
- 1,096
- 1
- 10
- 25
Jose Miguel
- 5
- 5
-
here https://stackoverflow.com/questions/11658011/cannot-modify-content-of-iframe-what-is-wrong – Coder2195 Jan 28 '21 at 14:05
-
2Does this answer your question? [Cannot modify content of iframe, what is wrong?](https://stackoverflow.com/questions/11658011/cannot-modify-content-of-iframe-what-is-wrong) – Coder2195 Jan 28 '21 at 14:05
-
I don't think this is question is actually a duplicate. You can actually achieve what the person is asking for thanks to a content security policy header, which would be more elegant and effective than the answer referenced in the comments: https://stackoverflow.com/questions/54249080/content-security-policy-for-frame-frame-src-vs-frame-ancestors – Yves Gurcan Aug 17 '21 at 22:56
1 Answers
0
tl;dr: No
The sandbox attribute on the iframe element lets you apply some limits to what scripts can do (e.g. you can block popups) but it can't be used to block specific scripts.
All the techniques for blocking specific scripts have to be applied by the owned of the actual page the script is embedded in. If you trust the owner of the page you are putting in a frame, then they can do what they like (except interact with your page thanks to the same origin policy).
There is a proposal to allow a CSP to be applied to a frame from the parent document, but it doesn't seem to have been updated in half a decade so I'm assuming the idea has died on the vine.
Quentin
- 914,110
- 126
- 1,211
- 1,335