Basically I want to have an iFrame which always restricts it's content as if it comes from a different domain, even if the content comes from the same origin.
Is there any way to do this?
The best solution is probably to use the HTML5 sandbox attribute on the iframe, which (by default) explicitly disables both scripting and same-origin access to the parent DOM.
Good introduction at http://msdn.microsoft.com/en-us/hh563496.aspx
As of Dec 2012, this seems to be supported on most current browsers .
This will hide window.parent
in the child frame/window, but not the top
property.
BUT the window.parent
property is STILL accessible till the end of the onload event of the child window/frame.
<html>
<head>
<style type="text/css">
#wrapper {width:1000px;height:600px;}
</style>
<script type="text/javascript">
window.onload = function() {
var frm = document.getElementById('childFrame');
var win = frm.contentWindow || (frm.contentDocument && frm.contentDocument.parentWindow) || (frm.document && frm.document.parentWindow);
if (win) win.parent = null;
}
</script>
</head>
<body>
<div id="wrapper">
<iframe id="childFrame" src="child.html" frameborder="0" style="width:100%;height:100%;"></iframe>
</div>
</body>
</html>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.