Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m creating a website where users enter a URL and it’s displayed in an iFrame, to be brief. I know a lot of websites have code to break out of iFrames (popular example, Google).
Is there any way to check, with JavaScript or PHP whether a given URL will break out of an iFrame?
As a side-note, I don’t mind taking a website snapshot but I haven’t found an existing adequate website and I can’t seem to install wkhtmltoimage/pdf…but that’s a different question.
So long as the iframe’s URL is different to that of the parent (your website) the iframe’s JavaScript cannot access anything in its parent.
For cross-domain iframe communication to work one might use HTML5’s PostMessage (which has decent support as of right now) or passing params via the URL of the iframe.
Both of these methods require the parent (your website) to explicitly intercept the ‘calls’ from the iframe and do whatever…
All in all, for security reasons an iframe from an unknown source can’t simply alter the parent site holding the iframe.