iframe dynamic src

Question

I want to get updated url of iframe using javascript?

Like this:

<iframe src="http://yahoo.com" id="ifrm" onload="iframeurl()" ></iframe>
<script>
function iframeurl() {
var ifrm = document.getElementById("ifrm");
alert(ifrm.src);
}
</script>

but the code above doesn't work. How can I do this? I'll use external links in iframe which is not hosted on same domain where I'm using the code above.

Please Help.

Thanks

thanks again. http://yahoo.com is just an example. Again my domain is szacpp.com and I need to get the links of other.com. You mean I need to put htaccess in other.com while I don't have access the domain.

Try this by adding iframurl() after function declaration. Or add it to on document load function. — Shehzad Bilal, Jul 01 '12 at 10:06
szacpp - I have updated my answer, hopefully this is useful to you. — freefaller, Jul 03 '12 at 07:42

score 3 · Answer 1 · edited May 23 '17 at 11:56

3

The src attribute of an iframe will not update when the page changes within the iframe.

Your only option would be to query the document in the iframe, however that will only work if the page in the iframe comes from the same domain (otherwise you hit the same origin policy)

UPDATE

IF you have access to other.com, then you should be able to set Access-Control-Allow-Origin in the .htaccess file (assuming you are using a server that uses that file system).

You will find more information...

If you do not have access to other.com then you are simply out of luck. It will be impossible for you to know what the new page is, because the src attribute of the iframe will not be updated when the page changes within the iframe. And you will not be able to use JavaScript due to the same origin policy that I (or more precisely, Quentin) mentioned earlier.

edited May 23 '17 at 11:56

Community

1
1

answered Jul 01 '12 at 10:38

freefaller

17,790
6
50
80

Cross site scripting refers to a class of code injection vulnerability and is largely unrelated to cross origin communication. I've changed the reference. – Quentin Jul 01 '12 at 10:42
hi, Quentin thanks for quick response. You understood my problem. I used .htaccess with the line: Header add Access-Control-Allow-Origin * but still not working. – sza cpp Jul 01 '12 at 12:42
also I'm receiving (Refused to set unsafe header "User-Agent") – sza cpp Jul 01 '12 at 13:39
You can't set *request* headers on the server (since the server sends *responses*, not requests). CORS is used by a server to give permission for *itself* to be accessed, you can't set response headers on yahoo.com. – Quentin Jul 01 '12 at 13:45
thanks again. yahoo.com is just an example. Again my domain is szacpp.com and I need to get the links of other.com. You mean I need to put htaccess in other.com while I don't have access the domain. – sza cpp Jul 01 '12 at 14:24
@szacpp - you've marked my answer as correct, therefore it is assumed that you don't need any help anymore. If you're still in need of help, you'd best start a new question giving *exact* details (and reference this question if necessary) – freefaller Jul 02 '12 at 14:01
Now I've marked your answer as incorrect. so pls answer my second last question. Am I right I need to put htaccess in other.com – sza cpp Jul 02 '12 at 14:40
@szacpp, my answer IS correct in the context of the question you asked in the first place, you should not be putting secondary questions within the comments. Either update your original question with *updates*, or start a new one. It was Quentin who responded about the `.htaccess` file, not me. – freefaller Jul 02 '12 at 14:51
@Quentin, I would appreciate any amendments you wish to make to my edited answer, as I'm an IIS boy and therefore have exceptionally limited knowledge of `.htaccess` - other than what I've just Googled – freefaller Jul 03 '12 at 07:43
I can't see anything wrong with the answer as it stands. If a visitor to your site is doing something on a third party site, then you can't spy on what it is they are doing there (for obvious privacy/security reasons). The third party site has to cooperate. – Quentin Jul 03 '12 at 08:45
Thanks. I have answerd my client. if you want to copy url so right click on a url and select "Copy link address" from context menu. – sza cpp Jul 06 '12 at 12:32

score -1 · Answer 2 · answered Jul 01 '12 at 10:41

-1

try this :

<iframe src="http://yahoo.com" id="ifrm" onload="iframeurl()" ></iframe>
<script>
function iframeurl() {
var ifrm = parent.document.getElementById("ifrm");
alert(ifrm.src);
}
</script>

answered Jul 01 '12 at 10:41

Hilmi

3,207
6
24
54

1

It took me a while to spot-the-difference (please highlight changes when you copy/paste entire blocks of code). Assuming this is the top level frame, adding `parent.` will make no difference. If it isn't the top level frame, it will break the attempt to get the iframe element by its id. This won't help at all and might make things worse. – Quentin Jul 01 '12 at 10:44
1

This could never work, as the iframe object lives in the same document as the script, therefore by using `parent` you're referring to the parent of the document, not the parent of the iframe – freefaller Jul 01 '12 at 10:46

iframe dynamic src

2 Answers2