www.webdeveloper.com
Results 1 to 8 of 8

Thread: close iframe that's in another domain

  1. #1
    Join Date
    Nov 2011
    Posts
    1

    close iframe that's in another domain

    Hello

    I'm using lytebox to open an iframe, but the iframe url is in another domain that the parent window.

    i need to close the iframe when user clicks a button. I can do that with javascript : top.$lb.end();
    the $lb.end(); starts lytebox scripts in parent window which close the iframe and modify all the css stuff.
    That works when my iframe url is in the same domain. But when it's in another domain, that does'nt work.

    Can anyone tells me how to do that ? Starting the $lb.end() function of the parent window ?
    Thank you.

  2. #2
    Join Date
    Dec 2003
    Location
    Bucharest, ROMANIA
    Posts
    15,428
    Quote Originally Posted by piwozdiwect View Post
    Can anyone tells me how to do that ? Starting the $lb.end() function of the parent window ?
    Thank you.
    AFAIK, you can't. This kind of javascript relationship is not possible across different domains.

  3. #3
    Join Date
    Jul 2008
    Location
    urbana, il
    Posts
    2,787
    simple. call top.postMessage() and raise an event on top that closes your box by sending a flag or trigger in your event.data argument.

  4. #4
    Join Date
    Dec 2003
    Location
    Bucharest, ROMANIA
    Posts
    15,428
    Quote Originally Posted by rnd me View Post
    simple. call top.postMessage() and raise an event on top that closes your box by sending a flag or trigger in your event.data argument.
    Well, yes, but doesn't that require the access on both domains?

    On the other hand, postMessage() won't work on IE7 (and other older browsers). And I think it works synchronously in IE9 (at least).

  5. #5
    Join Date
    Jul 2008
    Location
    urbana, il
    Posts
    2,787
    even without IE7, postMessage() is much better than "AFAIK, you can't."...

    if the OP doesn't have access to both domains, he shouldn't be influencing code on both.

    there are work-arounds for IE7, the window.name transport for example, but i would just focus on the current and last time's browsers.

  6. #6
    Join Date
    Dec 2003
    Location
    Bucharest, ROMANIA
    Posts
    15,428
    Quote Originally Posted by rnd me View Post
    even without IE7, postMessage() is much better than "AFAIK, you can't."...
    What's wrong with "As Far As I Know?" A frank cover for an ambiguous answer...
    Quote Originally Posted by rnd me View Post
    if the OP doesn't have access to both domains, he shouldn't be influencing code on both.
    The truth is that most of the time people want to influence something on another domain without having access or acceptance of the owner of that domain. Which makes the things if not impossible, at least malicious. Don't you think so?

  7. #7
    Join Date
    Jul 2008
    Location
    urbana, il
    Posts
    2,787
    Quote Originally Posted by Kor View Post
    The truth is that most of the time people want to influence something on another domain without having access or acceptance of the owner of that domain. Which makes the things if not impossible, at least malicious. Don't you think so?
    "malicious" stems from "malice", which i don't think is a motivation in most of these requests. I think many coders, especially the newer ones that ask lots of questions around here, are just unaware of the SOP.

    Since php proxies, back end engines, cors, jsonp, and other technique routinely mashup content on popular sites, people assume it's easy to do. And to some extent, they are right: it is easy. It's just that it hasn't been easy in javascript for very long, and even today, js follows a much stricter set of rules than curl or python or other common web languages.


    i also think that hackers wouldn't ask many questions in public, or would know how to figure it out themselves. Otherwise, they wouldn't be a very good hacker...

  8. #8
    Join Date
    Dec 2003
    Location
    Bucharest, ROMANIA
    Posts
    15,428
    Quote Originally Posted by rnd me View Post
    i also think that hackers wouldn't ask many questions in public, or would know how to figure it out themselves. Otherwise, they wouldn't be a very good hacker...
    True. Yet many honest beginners still hope that they could establish a back-and-forth relationship between 2 domains, without having access to one of them.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles