编辑内部iframe内的跨域iframe的css [英] Edit the css of a cross domain iframe that is inside an internal iframe
问题描述
我检查了这里提出的关于编辑iframe的CSS的(很多)问题,我能够编辑来自我们自己网站的其他iframe,但这是完全不同的。
I checked the (many) questions asked here about editing the CSS of an iframe, and I was able to edit other iframes that come from our own site, but this is quite different.
我有一个iframe(托管在同一个网站上)创建了一些HTML元素,然后调用跨域iframe来显示游戏(在其中)。
I have an iframe (hosted on the same site) that creates some HTML elements and then calls a cross domain iframe to display a game (inside it).
到目前为止,我已经能够使用jquery .contents()和.find()函数自由编辑内部iframe:
So far I have been able to freely edit the internal iframes by using jquery .contents() and .find() function:
var first-iframe = $('#iframeid').contents();
first-frame.find('.to-modify').css('blabla','10);
内容允许我.find()iframe中的任何元素并修改css。当我有第二个跨域iframe时会出现问题。
The contents allows me to .find() any element inside the iframe and modify the css. The problem comes when I have the second, cross domain iframe.
第一个.contents()似乎没有让我访问第二个iframe,我不确定是否可以进行排队调用。我试过这样的事情:
The first .contents() doesn't seem to give me access to the second iframe, and I'm unsure if doing a queued call works. I tried something like this:
first-iframe.find('#second-Iframe').contents();
但这似乎也不起作用。我阅读了许多其他选项来编辑css,但大多数选项不适用于跨域iframe。
But that doesn't seem to work either. I read many other options to edit css, but most of them don't work with cross domain iframes.
很抱歉没有提供任何代码,它包含一些明智的逻辑。我希望我的问题足够明确。
Sorry for not providing any code, it contains some sensible logic. I hope I made my issue clear enough.
推荐答案
无法编辑跨域IFrame,因为它会打开所有各种安全漏洞。
There is no way to edit a Cross Domain IFrame, because it would open all kinds of security loopholes.
想象一下,我打开一个隐藏的跨域IFrame给你的银行,可以对它进行流氓JS操作吗?
Imagine for a second I open a hidden Cross Domain IFrame to your bank and can run rogue JS manipulations on it?
但是,您可以在域链中操作同一级别或更低级别的域,但这是因为域内的内部信任,例如:example.com可以编辑bar.example .com
You can however, manipulate domains within the same level, or lower in your domain chain, but thats because of "the internal trust" into the domain level, e.g: example.com can edit bar.example.com
如果有办法,那就是CVE,应报告固定。
If there is a way, it's a CVE, and should be reported to be fixed.
这篇关于编辑内部iframe内的跨域iframe的css的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
