homepage Welcome to WebmasterWorld Guest from 54.145.182.50
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
How to make a click over a button inside a dinamically loaded iframe?
NomikOS

5+ Year Member



 
Msg#: 4389374 posted 12:56 pm on Nov 21, 2011 (gmt 0)

(Hi, so much time!)

I am trying to make a click over a button inside a dinamically loaded iframe.
I have accomplished reach the desired element inside of the iframe but I can't fire click events. I have used click() and initMouseEvent("click", true, true) without success.

The iframe is loaded with 3rd party content from another domain.

Or more generally speaking, Is it technically possible to do this?

Thanks.-

 

Dijkgraaf

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4389374 posted 9:12 pm on Nov 21, 2011 (gmt 0)

No, if it were possible it would big one big security hole/nightmare.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 9:26 pm on Nov 21, 2011 (gmt 0)

Yes, In the last hours I have learn a lot about this issue. Thanks for your response.

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4389374 posted 11:55 am on Nov 22, 2011 (gmt 0)

Won't work like that because of the SOP but do you know the url of the button when clicked? If so you can emulate the click by using the src attribute on a resource tag. For example an image tag that points to the url of the button when clicked under normal circumstances. When the browser attempts to load the image he will fire this event automatically.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 2:26 pm on Nov 22, 2011 (gmt 0)

Sound interesting. But I am talking about an iframe loaded with 3rd party content from another domain.
Have you tried what you say?
And if so can you explain a little more PLZ?
THX.-

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4389374 posted 2:51 pm on Nov 22, 2011 (gmt 0)

You can see the source code of an iframe. just enter the src tag as a plain url on the browser and see the source. From there you can see the html for the button.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 3:07 pm on Nov 22, 2011 (gmt 0)

Ah, that! Of course I know that. No, is much hard than that. The URL is dynamically formed for each request. No, I can't simulate the link to click it in a controlled environment.

I asked this same issue in SO:
[stackoverflow.com...]

Thanks for your attention...

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4389374 posted 4:40 pm on Nov 22, 2011 (gmt 0)

The other thing is does the ip of the client plays a role for the 3rd party content/button clicked? I don't know what's the objective here.

If it doesn't matter you can always make your server connect to the 3rd party and then of course you do whatever you like as your server becomes the intermediary.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 4:53 pm on Nov 22, 2011 (gmt 0)

Actually now I am trying load my own iframe (served from server) with the 3rd party content. And write some more local code to operate over the content...

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4389374 posted 5:24 pm on Nov 22, 2011 (gmt 0)

I am trying load my own iframe (served from server) with the 3rd party content.


frame, iframe, the same security rules apply, you can do this but . . .

And write some more local code to operate over the content...


You can't do this. If it's loaded from your server, you can, but not an external site.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 5:48 pm on Nov 22, 2011 (gmt 0)

I just tried. You right.
So all agree that this cross-site operations are impossible?
Indeed we can get iframes' contents easily with jquery contents() method but trigger events inside iframe we do not.
That's it?

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4389374 posted 6:01 pm on Nov 22, 2011 (gmt 0)

They aren't impossible they're controllable.
[w3.org...]

Now if your server requests the content from another server is in essence a client. You can then modify the content anyway you want. So if the button you're looking for has an id (you can add one if it doesn't exist) use the id with the jquery live event. The click event won't work just like that because the content is dynamically loaded. And you don't need an iframe in this case.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 6:33 pm on Nov 22, 2011 (gmt 0)

enigma1 the 3rd party content ALWAYS is framed. I can't control that. To be straight we are talking about code that it is called with a couple of js lines in the client page. This js lines dynamically creates an iframe to load their content. So the content that I want access always is inside of an iframe.

This can be controlled (by the 3rd party) with X-Frame-Options (HTTP headers) that assure that the code is in inside a page served by the owner. So it can't be modified in any way. That together [en.wikipedia.org...] that do not allow (some actions, not all) cross-site coding makes impossible "click over a button inside a dinamically loaded iframe containing 3rd party content"

That is what I am understanding now more and better.

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4389374 posted 7:52 pm on Nov 22, 2011 (gmt 0)

The procedure is you take the src link from these js lines (this should be possible, because that's what the browser is going to use to create the request anyways), you do an fsockopen (or curl) in PHP, and you make a request to the other server from your server. The content that comes back is now open to do whatever modifications you want, in other words you act as an elite proxy. This is not SOP and you can emulate whatever you want, send cookies, headers etc. The other end doesn't know the way you browse the content.

And lets assume the other server may send the X-Frame-Options header or any other header, why do you care about it since it will be your server the receiving end, not a real browser.

But if you depend on the original client's IP/origin, then yes there is no point doing that. Because when you emulate the click, it will be your server's ip that will show up on the other end, not the original client.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 8:19 pm on Nov 22, 2011 (gmt 0)

I have used curl a lot in scraping jobs and I know that can send any HTTP header to fool the target server.
But we are talking about javascript here. Is not fair mix all this discussion with any server side language.
Indeed my code must run into a Firefox addon without any server side backend. And even in that case the issue remains. Code framed is well protected. And be framed is a condition imposed by the 3rd party to respond.
Thanks to all!

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4389374 posted 6:22 pm on Nov 23, 2011 (gmt 0)

Methinks you missed the point - though I wouldn't condone this practice, :-)

- point your iframe at server side SCRIPT instead of third party site (and devise some way to tell it "which site")
- Server side script CURLS third party site
- third party site is now the output of server side SCRIPT which is now **on your server,** not on third party site
- You can modify the contents of this frame because the content comes from your server.

NomikOS

5+ Year Member



 
Msg#: 4389374 posted 6:34 pm on Nov 23, 2011 (gmt 0)

I have think is this type of solutions. But, as I told him to enigma1, I can't use server side scripting. This is for a Firefox addon.
Only javascript is invited to dance.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved