如何读取从另一个域加载页面的iframe的DOM?

时间:2021-08-31 04:43:28

Is there a way to access the DOM of the document in an iframe from parent doc if the doc in the iframe is on another domain? I can easily access it if both parent and child pages are on the same domain, but I need to be able to do that when they are on different domains.

如果iframe中的文档位于另一个域上,是否有办法从父文档访问iframe文档的DOM?如果父页面和子页面都位于同一个域中,我可以轻松访问它,但是当它们位于不同的域时我需要能够这样做。

If not, maybe there is some other way to READ the contents of an iframe (one consideration was to create an ActiveX control, since this would be for internal corporate use only, but I would prefer it to be cross-browser compatible)?

如果没有,也许还有其他一些方法来读取iframe的内容(一个考虑因素是创建一个ActiveX控件,因为这仅供内部企业使用,但我更喜欢它是跨浏览器兼容的)?

3 个解决方案

#1


3  

Not really. This is essential for security – otherwise you could open my online banking site or webmail and mess with it.

并不是的。这对安全至关重要 - 否则你可以打开我的网上银行网站或网络邮件并搞乱它。

You can loosen restriction a bit by setting document.domain, but still top level domain must be the same.

您可以通过设置document.domain来稍微放松限制,但*域仍然必须相同。

You can work around this limitation by proxying requests via your own server (but don't forget to secure it, otherwise s[cp]ammers may abuse it)

您可以通过自己的服务器代理请求来解决此限制(但不要忘记保护它,否则s [cp] ammers可能会滥用它)

my.example.com/proxy?url=otherdomain.com/page

#2


1  

Theoretically you can access the the content of the iframe using the standard DOM level2 contentDocument property. Practically you may have found out that most browsers deny the access to the DOM of the external document due to security concerns. Access to the full DOM AFAIK is not possible (though there might be some browser-specific tweak to disable the same-domain check); for cross-domain XHR a popular trick is to bounce the data back and forth the iframe and the main document using URL fragment identifiers (see e.g. this link), you can use the same technique but:

从理论上讲,您可以使用标准DOM level2 contentDocument属性访问iframe的内容。实际上,您可能已经发现,由于安全问题,大多数浏览器都拒绝访问外部文档的DOM。无法访问完整的DOM AFAIK(尽管可能会有一些特定于浏览器的调整来禁用同域检查);对于跨域XHR,一个流行的技巧是使用URL片段标识符(参见例如此链接)在iframe和主文档中来回反弹数据,您可以使用相同的技术但是:

  • the document loaded in the iframe must cooperate, and
  • 在iframe中加载的文档必须合作,并且

  • you don't have access to the full document anyway (you can read back some parameters, or maybe you can try and URL-encode the whole document - but that would be very ugly)
  • 你无论如何都无法访问完整的文档(你可以回读一些参数,或者你可以尝试对整个文档进行URL编码 - 但那会非常难看)

#3


0  

I just found postMessage method introduced with HTML5; it's already implemented in recent browser (FF3, IE8 and Safari 4). It allows the exchange of messages between any windows object inside the browser. For the details see the documentation at MDC and this nice tutorial by John Resig.

我刚发现HTML5引入了postMessage方法;它已经在最近的浏览器中实现(FF3,IE8和Safari 4)。它允许在浏览器内的任何Windows对象之间交换消息。有关详细信息,请参阅MDC的文档和John Resig的这个精彩教程。

#1


3  

Not really. This is essential for security – otherwise you could open my online banking site or webmail and mess with it.

并不是的。这对安全至关重要 - 否则你可以打开我的网上银行网站或网络邮件并搞乱它。

You can loosen restriction a bit by setting document.domain, but still top level domain must be the same.

您可以通过设置document.domain来稍微放松限制,但*域仍然必须相同。

You can work around this limitation by proxying requests via your own server (but don't forget to secure it, otherwise s[cp]ammers may abuse it)

您可以通过自己的服务器代理请求来解决此限制(但不要忘记保护它,否则s [cp] ammers可能会滥用它)

my.example.com/proxy?url=otherdomain.com/page

#2


1  

Theoretically you can access the the content of the iframe using the standard DOM level2 contentDocument property. Practically you may have found out that most browsers deny the access to the DOM of the external document due to security concerns. Access to the full DOM AFAIK is not possible (though there might be some browser-specific tweak to disable the same-domain check); for cross-domain XHR a popular trick is to bounce the data back and forth the iframe and the main document using URL fragment identifiers (see e.g. this link), you can use the same technique but:

从理论上讲,您可以使用标准DOM level2 contentDocument属性访问iframe的内容。实际上,您可能已经发现,由于安全问题,大多数浏览器都拒绝访问外部文档的DOM。无法访问完整的DOM AFAIK(尽管可能会有一些特定于浏览器的调整来禁用同域检查);对于跨域XHR,一个流行的技巧是使用URL片段标识符(参见例如此链接)在iframe和主文档中来回反弹数据,您可以使用相同的技术但是:

  • the document loaded in the iframe must cooperate, and
  • 在iframe中加载的文档必须合作,并且

  • you don't have access to the full document anyway (you can read back some parameters, or maybe you can try and URL-encode the whole document - but that would be very ugly)
  • 你无论如何都无法访问完整的文档(你可以回读一些参数,或者你可以尝试对整个文档进行URL编码 - 但那会非常难看)

#3


0  

I just found postMessage method introduced with HTML5; it's already implemented in recent browser (FF3, IE8 and Safari 4). It allows the exchange of messages between any windows object inside the browser. For the details see the documentation at MDC and this nice tutorial by John Resig.

我刚发现HTML5引入了postMessage方法;它已经在最近的浏览器中实现(FF3,IE8和Safari 4)。它允许在浏览器内的任何Windows对象之间交换消息。有关详细信息,请参阅MDC的文档和John Resig的这个精彩教程。