0

I am working on a website at my job and we have run into an issue with our API vendors documentation being very much out of date and their support not being super helpful answering questions.

I was wondering if it is at all possible to open a URL in a new tab and then populate an input field in the code in the new tab.

The issue is the URL is not a site I have access to the code, which I am sure makes this impossible, but was curious if there way a way to at least try.

I have read about postMessage and Broadcast Channels but they both seem to need access to both code bases which I do not have.

What I have so far

So far my code is bound to a click event as such

    var newTab = window.open('URL', '_blank');
    var searchField = newTab.document;
    console.log(searchField);

I am trying to pass a data-value to an input on the page that opens in the new tab, but I do not have access to the code base for that site.

OMGDrAcula
  • 1,054
  • 3
  • 11
  • 17
  • 1
    Does the site you are trying to populate the input field for have any built-in support for prepopulating that field? If not, do they have any XSS vulnerabilities you can exploit through the url? If not, you're probably out of luck. – shamsup Nov 11 '21 at 21:15
  • @shamsup That I would not know and would not want to risk getting into trouble with them by using any vulnerabilities. I tried using the second answer on this question https://stackoverflow.com/questions/1372022/waiting-for-child-window-loading-to-complete but that did not work either. – OMGDrAcula Nov 11 '21 at 21:20
  • 1
    you either need access to the code on the page you want to manipulate, or the page has to have the [same origin](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy) so you can access the document to manipuilate it. – shamsup Nov 11 '21 at 21:44
  • Yea that is what I was afraid of unfortunately! Thanks a ton! If you want to write out a longer answer explaining that I will gladly accept it! – OMGDrAcula Nov 11 '21 at 21:46

0 Answers0