Ben McCurdy
Reputation: 41
Block Same Domain Iframe Access To Parent
I have a website xyz.com with an iframe that loads xyz.com/usersubmittedpage.html inside the iframe.
How can i block the inner page from accessing the parent page. Same Origin Policy allows it to access everything in the parent. Is there another approach I could use to load this page without giving it access to the parent content while keeping it in the same domain.
Upvotes: 4
Views: 2915
Answers (1)
JayC
Reputation: 7141
Well...
There is the sandbox attribute to iframes: https://developer.mozilla.org/en-US/docs/HTML/Element/iframe#attr-sandbox
But it's only supported (reliably) in Chrome (as of this writing, 9/11/2012). (It will be supported/is supported elsewhere, but barely.)
Upvotes: 3
Related Questions
- Access-Control-Allow-Origin not working for iframe within the same domain
- How can I prevent an iframe from accessing parent frame?
- js cross-domain to iframe
- How to overcome same-origin-policy from iframe?
- Cross-domain JavaScript iFrame-parent access blocked
- iframe cross-domain access
- How can I have a same domain iframe disable same domain scripting
- How can I prevent JavaScript in an iFrame to access properties of the outer site, even if the iFrame's content comes from the same origin?
- Can i restrict what parent (html only) access my child iframe(PHP) which is on different domain?
- cross domain access in iframe from parent to child