can u read selected text in an iframed google page?!?!?!

**Randy Webb** · Jun 27 '07, 01:45 AM

Re: can u read selected text in an iframed google page?!?!?!

jojoba@gmail.co m said the following on 6/26/2007 8:45 PM:

hi
>
welcome to cross domain fun!

Fix your Caps Lock key.

i am serving an asp page.

Irrelevant to client side scripting.

i have an iframe in the page pointing to another domain, say,
http://www.google.com.
ok, i know, different domains.

Your Caps Lock key doesn't seem to work either. I know, you know.

i know i can communicate data between the parent page and the iframe
using the fragment identifier technique.

That isn't communicating from parent page to child page, that is simply
communicating via URL and is irrelevant to cross-domain scripting.

however, i would like to be able to actually get data, via javascript,
to send along this channel.

To "send along this channel"? What "channel" is that? The URL?

specifically, can i, using javascript, ask the google iframe doc for
any selected text (among other things)?

You can try but it is going to throw a security warning/error.

i mean, what's the point of being able to communicate across cross-
domain frames if i cant get data from them in the first place
think i'm missing something big here

The difference is in who sends the data and how it is sent. Sending it
via URL, to me, is not "cross-domain scripting" as it is quite possible
(and done everyday) without scripting.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

**shimmyshack** · Jun 27 '07, 01:45 AM

Re: can u read selected text in an iframed google page?!?!?!

On Jun 27, 1:45 am, joj...@gmail.co m wrote:

hi
>
welcome to cross domain fun!
i am serving an asp page.
i have an iframe in the page pointing to another domain, say,http://www.google.com.
ok, i know, different domains.
i know i can communicate data between the parent page and the iframe
using the fragment identifier technique.
however, i would like to be able to actually get data, via javascript,
to send along this channel.
specifically, can i, using javascript, ask the google iframe doc for
any selected text (among other things)?
i mean, what's the point of being able to communicate across cross-
domain frames if i cant get data from them in the first place
think i'm missing something big here
>
thanks for any help here,
jojoba

whats the point of XSS if you can just ask for the data. However if
you are just talking about YOUR browser, then you can inject js into
the google iframe to send data back through proxies, so it does depend
on your need. If you are asking "how can I get users to log on to my
website and allow me to grab their google data" the answer is by using
one of the current XSS vulnerabilties in google, or by some browser
security issue, but officially you cant.

can u read selected text in an iframed google page?!?!?!

can u read selected text in an iframed google page?!?!?!

Comment

Comment