Home/ Questions/Q 8553351
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T14:37:53+00:00

OK so what i need to do is be able to put a login

  • 0

OK so what i need to do is be able to put a login screen from a remote site in an iframe and when they click the login button it logs them in to the remote site then changes the local page to page 2
here is what i have managed to do so far which is very little. and if this isn’t possible would i be able to create a local login that passed the information to the remote site and gets a cookie then loads the next local page? 

<html>
<head>
    <title>
    </title>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" >
    <style type="text/css">
    #outerdiv
    {
        width:400px;
        height:360px;
        overflow:hidden;
        position:relative;
    }

    #inneriframe
    {
        position:absolute;
        top:-125px;
        left:-802px;
        width:2000px;
        height:2000px;
    }
    </style>
</head>
<body>
    <div id='outerdiv'>
        <iframe src="http://www.99designs.com/login" name="myiframe" id='inneriframe' scrolling=yes></iframe>
    </div>
</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Most likely not possible…

    This very likely wont be possible, due to the fact that the hosts between your local and the remote will be different, so JavaScript wont allow you access to the iframe content due the the Same origin policy that all browsers employ.

    http://en.wikipedia.org/wiki/Same_origin_policy

    The only way you might be able to achieve this is if the other site doesn’t employ XSS protection and allows you to directly get/post a login URL to their site. It really depends on who controls what… if you own and control both the local and the remote site then it will be possible. If not, it’s unlikely and will be subject to all sorts of possible problems (i.e. if the remote site changes the way it’s log-in works you system will break, or getting fine grain control of the log-in log-out process wont be possible, so you wont be able to implement your own error handling).

    I guess what I’m saying is you shouldn’t rely on an XSS vulnerability.

    Why is this kind of thing protected against?

    If you think about it, if the above wasn’t true then there would be a lot of very powerful and scary things evil people could do in the background whilst you were surfing a site. For example, if you could use JavaScript to communicate across hosts into a hidden iframe there would be nothing to stop someone coding a hidden script that navigated to facebook, relied on your browser stored username and password, logged in, and then started posting / deleting / befriending away… (and that is only a mild example that doesn’t involve credit card details or government websites)

    Other options?

    Your best bet for implementing something along these lines is to employ a server-side scripting language like php, asp, java, node.js, ruby, lisp, perl or python. Scripting languages don’t tend to have limitations with regard to working with external resources. Again, as long as the external site supports a simple or open source log-in system, you should be able to rig something together than allowed your JavaScript to log-in using your server-side script as a proxy via AJAX. For example, you can use cURL via PHP to post to an external site and retrieve the cookies that site returns. This is not an easy project however and will take quite a bit of work to get functioning without problems.

    • 0