Who owns the iframe tag between the site that creates the tag and the site whose content is in the tag?

I'm just wondering where the border for the iframe content scripts lies. Which element is the superior parent of the iframe content. The iframe itself or "html"

I tried the following, but then I realized that scripts inside the iframe cannot access the properties of the iframe and no warning is thrown.

The following script is inside an iframe.

<script>
$(document).ready(function(e) {
    $(document).on('click', '.subscribe_submit', function(){
        console.log($('.iframe').attr('data-test'));
//////////// data-test returns undefined for this.
</script>

      

while the iframe looks like this.

<iframe data-test="$2y$12$PPuMZWPdy.zhaVnGWV7SD.Tqhw87qLe4e.vaTtWuIccxLrUFu/cda"></iframe>

      

* This is a cross origin. * The data-test is not a password, I just used the PHP API to encrypt this string.

+3


source to share


2 answers


Everything window

belongs to the browser .

frames

are a property window

, and inside frames are separate windows.

Likewise document

for your page is a window property.



Browser security rules determine what you should or shouldn't be allowed to do depending on the domain of the main window, as well as what frames are allowed to interact with any higher-level window.

In your page (document), you shouldn't have any problem accessing the iframe tag and setting or getting the attributes. There are, however, blocking header blocks that pages can set to prevent loading into another frame.

More information needed to troubleshoot why you can't get the value of the data attribute p>

+2


source


The home page owns an iFrame element. If the content is on a different domain, the content is limited to its own "window", which is inside the iFrame.



+1


source







All Articles