I am trying to make a click over a button inside a dynamically loaded iframe. I have managed to reach the desired element inside the iframe but I can't fire click events. I have used click() and initMouseEvent("click", true, true) without success.
The iframe is loaded with 3rd party content from another domain.
Or, more generally speaking, is it technically possible to do this?
Won't work like that because of the SOP, but do you know the URL of the button when clicked? If so, you can emulate the click by using the src attribute on a resource tag. For example, an image tag that points to the URL of the button when clicked under normal circumstances. When the browser attempts to load the image it will fire this event automatically.
I just tried. You're right. So all agree that these cross-site operations are impossible? Indeed we can get iframes' contents easily with jQuery's contents() method, but we cannot trigger events inside the iframe. That's it?
They aren't impossible, they're controllable. [w3.org...]
Now if your server requests the content from another server, it is in essence a client. You can then modify the content any way you want. So if the button you're looking for has an id (you can add one if it doesn't exist), use the id with the jQuery live event. The click event won't work just like that because the content is dynamically loaded. And you don't need an iframe in this case.
enigma1, the 3rd party content is ALWAYS framed. I can't control that. To be straight, we are talking about code that is called with a couple of JS lines in the client page. These JS lines dynamically create an iframe to load their content. So the content that I want to access is always inside an iframe.
This can be controlled (by the 3rd party) with X-Frame-Options (HTTP headers) that ensure that the code is inside a page served by the owner. So it can't be modified in any way. That, together with [en.wikipedia.org...], which does not allow (some actions, not all) cross-site coding, makes it impossible to "click over a button inside a dynamically loaded iframe containing 3rd party content".
That is what I understand better now.
The procedure is you take the src link from these js lines (this should be possible, because that's what the browser is going to use to create the request anyways), you do an fsockopen (or curl) in PHP, and you make a request to the other server from your server. The content that comes back is now open to do whatever modifications you want, in other words you act as an elite proxy. This is not SOP and you can emulate whatever you want, send cookies, headers etc. The other end doesn't know the way you browse the content.
And let's assume the other server may send the X-Frame-Options header or any other header; why do you care about it, since it will be your server on the receiving end, not a real browser?
But if you depend on the original client's IP/origin, then yes, there is no point doing that. Because when you emulate the click, it will be your server's IP that will show up on the other end, not the original client's.
Methinks you missed the point - though I wouldn't condone this practice, :-)
- point your iframe at server side SCRIPT instead of third party site (and devise some way to tell it "which site")
- Server side script CURLS third party site
- third party site is now the output of server side SCRIPT which is now **on your server,** not on third party site
- You can modify the contents of this frame because the content comes from your server.
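The two browser-side checks discussed in this thread, modelled as an added example (not code from any poster): whether a framed response may render at all (X-Frame-Options, or CSP `frame-ancestors` when present) and whether the embedding page may script it (same-origin policy). The hostnames are constructed, and the model assumes a single level of nesting and exact-origin `frame-ancestors` sources only.

```javascript
// Simplified model of two independent browser checks (constructed example).
// Assumptions: one level of framing; frame-ancestors wildcards are not modelled.

// Origin = scheme + host + port, with default ports normalised by URL.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// May the browser render frameUrl inside parentUrl, given the frame's response headers?
function mayRender(parentUrl, frameUrl, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  const fa = (h['content-security-policy'] || '')
    .split(';')
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (fa) {
    // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
    return fa.slice(1).some(src => {
      if (src === "'none'") return false;
      if (src === "'self'") return sameOrigin(parentUrl, frameUrl);
      try { return sameOrigin(src, parentUrl); } catch { return false; }
    });
  }
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return sameOrigin(parentUrl, frameUrl);
  return true; // no framing restriction sent
}

function evaluate(parentUrl, frameUrl, headers = {}) {
  const rendered = mayRender(parentUrl, frameUrl, headers);
  return {
    rendered,
    // Reaching into the frame's DOM or dispatching events needs the same origin.
    parentCanScript: rendered && sameOrigin(parentUrl, frameUrl),
  };
}

// Constructed scenario matching the thread: a third-party widget framed in a client page.
console.log(evaluate('https://client.example/page', 'https://widget.thirdparty.example/btn'));
```

Both checks run in the browser against the response it received, so they describe what an embedding page can do, not what a server fetching the same URL sees.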