11

Here is my code on http://my-localhost.com/iframe-test.html

<html>
<head><title>Welcome Iframe Test</title></head>
<body>
<iframe src="http://www.my-website.com/index.html" width="500" height="500"></iframe>
<script type="text/javascript">
function alertMyMessage(msg){
    alert(msg);
}
</script>
</body>
</html>

Here is code on http://www.my-website.com/index.html

<html>
<head></title>Welcome to my Server</title></head>
<body>
<h1>Welcome to My Server</ht>
<a href="javascript:void(0)" title="Click here" onClick="parent.alertMyMessage('Thanks for Helping me')">Click Here</a>
</body>
</html>

When i Click the "Click Here" Link. i got following Error.

Uncaught SecurityError: Blocked a frame with origin "http://www.my-website.com" from accessing a frame with origin "http://my-localhost.com". Protocols, domains, and ports must match.

Please Help me to Fix this Issue, or give some other solution for this.

Improve this question
2
  • why are you using IFrames for this? Commented Oct 16, 2013 at 14:48
  • Then for this purpose what i can use? Actually my purpose is i have fixed html page which is going to open many websites. and those websites user have to click a link, and the link should call a function in the fixed html page. Commented Oct 16, 2013 at 14:50

2 Answers 2

Reset to default
19

You cannot access the DOM of a page loaded in a frame in a different origin. This is blocked for security reasons (imagine a random website you visited opening your web mail service in a hidden iframe and you can see why).

The closest you can come, and then only if you control both websites, is to pass messages between them using the web messaging api.

In one page, write a function to handle the messages and then add it as a message event listener.

function receiveMessage(event)
{
  alert(event.data);
}

addEventListener("message", receiveMessage, false);

In the other, send the message:

parent.postMessage("This is a message", "*");

See MDN for more information

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Thanks will try :) and let you know
Thanks this method is working on Chrome. but in Safari its not working :(
@Quentin Neat. Using Chrome, I received the message, but it did not display the iframe window location. Uncaught SecurityError: Blocked a frame with origin "http://fiddle.jshell.net" from accessing a frame with origin "http://stone.thecoreworlds.net". Protocols, domains, and ports must match.
@Chloe — That's because you have to use postMessage to pass the data, and the code that tries to read the location doesn't.
13

You can use postMessage!

PARENT

if (window.addEventListener) {
    window.addEventListener ("message", receive, false);        
}
else {
    if (window.attachEvent) {
        window.attachEvent("onmessage",receive, false);
    }
}

function receive(event){
    var data = event.data;
    if(typeof(window[data.func]) == "function"){
        window[data.func].call(null, data.params[0]);
    }
}

function alertMyMessage(msg){

    alert(msg);
}

IFRAME

function send(){
    window.parent.window.postMessage(
        {'func':'alertMyMessage','params':['Thanks for Helping me']},
        'http://www.my-website.com'
    );
}

REFERENCE

https://developer.mozilla.org/en-US/docs/Web/API/Window.postMessage

Improve this answer

4 Comments

Use ## for headers.
This works! But is there a way to dynamically populate 'my-website.com' instead of hard code?
I was able to use location.ancestorOrigins[0]) instead of hardcoded 'my-website.com'
I'm noticing that Window IE11 throws a SCRIPT70 "Permission denied" on funciton send(). Is there a way to solve that?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.