2

There is a third-party site with an embedded iframe from a different domain.

domain1.com:

<html>
  ...
    <iframe src="domain2.com/?...">...</iframe>
  ...
</html>

All I need to do is run a user script inside the iframe. I do not need any communication between the iframe and it's embedding page. I use Greasemonkey 4.11 in Firefox 103.0.

There are a few closely related questions and also some answers:

However, I have a hard time understanding how these questions and answers apply to the orthogonal issues of:

  • Same or different origin of the iframe
  • Interaction between the iframe and it's embedding page
  • Loading time of the iframe
  • Greasemonkey version, specifically >= 4 vs. <4.

Nevertheless I tried out what I thought might work, but it didn't.

Apparantly, this is supposed to work in Greasemonkey < 4:

Edit: Confirmed to work with Tampermonkey in Chrome and with Violentmonkey in Firefox.

// ==UserScript==
// @name     foo1
// @version  1
// @grant    none
// @match    https://domain1.com
// @match    https://domain2.com/*
// ==/UserScript==

setInterval(() => {
  if (window.top === window.self) {
    // Works:
    console.log("top")
  }
  else {
    // Unreachable:
    console.log("iframe")
  }
  
}, 3000)

And this is supposed to work in Greasemonkey >=4, but it doesn't seem to work with a different domain:

// ==UserScript==
// @name     foo2
// @version  1
// @grant    none
// @match    https://domain1.com
// @match    https://domain2.com/*
// @require https://git.io/waitForKeyElements.js
// ==/UserScript==

waitForKeyElements("iframe", function(elem) {
  setInterval(() => {
    // Works:
    console.log(elem.contentWindow)
    try {
      // Throws SecurityError:
      // Permission denied to access property "document" on 
      // cross-origin object
      console.log(elem.contentWindow.document)
    } catch (e) {
      console.log("ERROR " + e);
    }
  }, 3000)
});
Marco Eckstein
  • 4,448
  • 4
  • 37
  • 48
  • Your first script should work in all versions of userscript engines, so if it doesn't work there may be a problem with your `@match`. The second script won't work in any modern browser as they forbid direct cross-origin access, also the iframe is a separate environment from the embedding page, it will run a separate instance of your script inside, so there'll be no `iframe` element for waitForKeyElements. – wOxxOm Jul 31 '22 at 17:27
  • The iframe's `src` starts with `https://wtc-v5.brizoit.com/wtc/plugins/servlet/workcalendar?isAdmin=true&` and I've tried a `@match` as unspecific as `https://wtc-v5.brizoit.com/*`. Still no success. – Marco Eckstein Jul 31 '22 at 17:55
  • 1
    Could other iframe attributes make a difference, e.g. `sandbox`? – Marco Eckstein Jul 31 '22 at 17:58
  • I edited my question with the confirmation that the first script works with Tampermonkey in Chrome, so my `@match` is correct, and this is an issue specific to Greasemonkey. – Marco Eckstein Jul 31 '22 at 18:07
  • Try checking `top === window`, without `self` as it may be different in GM4. – wOxxOm Jul 31 '22 at 18:12
  • Gives the same result. – Marco Eckstein Jul 31 '22 at 18:58
  • Since this works in Tampermonkey and Violentmonkey, and due to other reasons, I uninstalled Greasemonkey and switched to Violentmonkey . – Marco Eckstein Aug 09 '22 at 16:12
  • Try also in Firemonkey, its developer helps userscript authors in such cases. – wOxxOm Aug 09 '22 at 17:00

0 Answers0