I remember reading about domain A being able to control domain B if domain B has a helper frame inside it. I have pages like StumbleUpon, where I place other websites in iframes. What if one of those websites places my page in an iframe? Also, stuff like Facebook’s Like button and Twitter’s Tweet button are all iframes. What data would/wouldn’t that have access to?
Would they be able to inject scripts into my page?
No, they cannot access other domains' cookies.
No matter where you hide an iframe with a different domain, the browser will always send the cookies that were set for that specific domain.
A Like button can be created utilizing the Referer header. Say, http://domainA.com/index.html contains
Here, when http://domainB.com/like.html is called inside the iframe, an HTTP header Referer: http://domainA.com/index.html is sent along with the request. This way domainB.com/like.html always knows who is requesting. When domainB.com gets this little piece of information, it can just check the number of likes of the page and show the result.
A live example
Put the below code in any of your websites. After that, every time you refresh the website it’ll show how many times it’s loaded. It’ll count the number of hits.
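A sketch of the Referer-based counter described in the answer above, as an added example that is not the answer author's code; the function names, the in-memory Map and the sample headers are assumptions made for illustration. The Referer value is supplied by the client, so it can be absent (for example under a strict Referrer-Policy) or forged by a non-browser client, and the code treats it as untrusted input.

```javascript
// Added example (not from the original answer): hit counter for like.html on
// domainB, keyed on the Referer header sent by the page that embeds the iframe.
const counts = new Map(); // hypothetical in-memory store: page key -> hits

// Reduce a Referer value to "origin + path"; return null if missing or unusable.
function pageKey(referer) {
  if (typeof referer !== 'string' || referer === '') return null;
  let u;
  try { u = new URL(referer); } catch { return null; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  return u.origin + u.pathname; // host is lowercased; query and fragment dropped
}

// Count one load for the embedding page named in the request headers.
function recordHit(headers, store = counts) {
  const key = pageKey(headers.referer); // Node lowercases header names
  if (key === null) return { page: null, hits: 0 };
  const hits = (store.get(key) || 0) + 1;
  store.set(key, hits);
  return { page: key, hits };
}

// Request handler for like.html. Only the numeric count is written into the
// response; the Referer string itself is never echoed into the HTML.
function handleLike(req, res) {
  const { page, hits } = recordHit(req.headers);
  res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
  res.end(page === null ? '<p>No Referer sent</p>' : `<p>${hits} loads</p>`);
}

// Constructed sample request headers (not captured traffic).
const sampleHeaders = [
  { referer: 'http://domainA.com/index.html' },
  { referer: 'http://domainA.com/index.html?utm=1' }, // same page, extra query
  {},                                                 // Referer stripped
  { referer: 'not a url' },                           // malformed value
];

function demo() {
  const store = new Map();
  return sampleHeaders.map((h) => recordHit(h, store));
}
```

The handler has the signature Node's `http.createServer` expects, so it can be passed to it directly to serve the iframe content.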