  1. #1
    New Coder
    Join Date
    Dec 2010
    Location
    Germany
    Posts
    19
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Question Iframes allow_from

    Since you people have helped me many times in the past with the iframes and have always given me solid advice, I thought I would try again. My website at http://www.krillmeed.com/index.html uses iframes, not the best design but my visitors like it. Works well apart from one thing. The blog, which is hosted on the same domain, is a WordPress; people can view it but not log in when it's in the iframe. The same goes for the database, which is a MediaWiki but is hosted on my other domain at http://lcarsmemoryalpha.com/index.html. I have complete access to both of these.
    I have read that I can allow access in iframes to correct this either from Same-Origin or Allow-From. Is this possible? If so, what do I do and where do I put it? I have read different opinions and options, which I found confusing.
    Can anyone help?
    Last edited by krillmeed; 02-19-2013 at 12:15 PM.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,519
    Thanks
    8
    Thanked 1,090 Times in 1,081 Posts
    I found this:
    http://msdn.microsoft.com/en-us/hh563496.aspx

    This is the download of it:
    https://github.com/writeline/HTML5-Sandbox-Demo

    I just tested it on my website. In the iframe, I put in the URL of another website of mine that has a login. It worked well. I had to allow "forms". I'm still not so sure about the security issues of this. I never use <iframe> anyhow.

    The demo also requires HTML5, so people with older browsers can't use it.



    Last edited by mlseim; 02-18-2013 at 02:59 PM.


  • #3
    New Coder
    Thanks for that, never got too far with testing it, since the computer I use for working on my website still has XP, which cannot use sandbox. I was hoping for something a little easier. I mean, this is my index page at the moment:

    Code:
    <HTML>
    <HEAD>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
    <META HTTP-EQUIV="Content-Language" CONTENT="en-us">
    <meta name="title" content="Krillmeeds star trek site" />
    <meta name="description" content="A star trek nexus including images, screencaps, audio files, ecards, conventions list, forum, themes, software,videos,animations, scripts and tools to build your own star trek website. Even a star trek wiki" />
    <meta name="keywords" content="Star trek, star trek waves, star trek images, star trek animations, star trek wiki, star trek forum, star trek ecards, star trek news, star trek conventions, star trek scripts, star trek themes, star trek software, star trek videos" />
    <meta name="author" content="krillmeed" />
    <meta name="owner" content="krillmeed" />
    <meta name="copyright" content="(c) 2011 krillmeed" />
    <LINK rel="stylesheet" href="lcars.css">
    <script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
    <script language="javascript">AC_FL_RunContent = 0;</script>
    <script src="AC_RunActiveContent.js" language="javascript"></script>
    <script language="Javascript" src="lcarsindex.js" type= "text/javascript"></script>
    <TITLE>Krillmeeds Star Trek site</TITLE>
    </HEAD>
    <BODY class=Template bgcolor=Black>
    <div class=TopPanel>
      <script language="javascript">AC_FL_RunContent = 0;</script>
      <script src="AC_RunActiveContent.js" language="javascript"></script>
      <script language="javascript">
    	if (AC_FL_RunContent == 0) {
    		alert("This page requires AC_RunActiveContent.js. In Flash, run \"Apply Active Content Update\" in the Commands menu to copy AC_RunActiveContent.js to the HTML output folder.");
    	} else {
    		AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0','width','100%','height','100%','title','Top','src','pages/bars/top','quality','high','pluginspage','http://www.macromedia.com/go/getflashplayer','scale','exactfit','movie','pages/bars/top' ); //end AC code
    	}
      </script>
      <noscript>
      <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="100%" height="100%" title="Top">
        <param name="movie" value="pages/bars/top.swf">
        <param name="quality" value="high">
        <param name="SCALE" value="exactfit">
        <embed src="pages/bars/top.swf" width="100%" height="100%" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" scale="exactfit"></embed>
      </object></noscript>
    </div>
    <DIV ID=Buttons Class=Buttons></DIV>
    <DIV Class=SidePanel>
    <script language="javascript">AC_FL_RunContent = 0;</script>
    <script src="AC_RunActiveContent.js" language="javascript"></script>
    <script language="javascript">
    	if (AC_FL_RunContent == 0) {
    		alert("This page requires AC_RunActiveContent.js. In Flash, run \"Apply Active Content Update\" in the Commands menu to copy AC_RunActiveContent.js to the HTML output folder.");
    	} else {
    		AC_FL_RunContent(
    			'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0',
    			'width', '46%',
    			'height', '90%',
    			'src', 'pages/bars/side',
    			'quality', 'high',
    			'pluginspage', 'http://www.macromedia.com/go/getflashplayer',
    			'align', 'middle',
    			'play', 'true',
    			'loop', 'true',
    			'scale', 'ExactFit',
    			'wmode', 'transparent',
    			'devicefont', 'false',
    			'id', 'pages/bars/side',
    			'bgcolor', '#000000',
    			'name', 'pages/bars/side',
    			'menu', 'true',
    			'allowScriptAccess','sameDomain',
    			'movie', 'pages/bars/side',
    			'vertical-align: top', ''
    			); //end AC code
    	}
    </script>
    </DIV>
    	<DIV Class=InternalPage>
    <IFRAME ID="PageContent" NAME="PageContent"
    src="http://www.krillmeed.com/main.html" height=87% width=100% SCROLLING=AUTO FRAMEBORDER=0></IFRAME>	</DIV>
    <DIV ID=Cursor></DIV>
    	<INPUT TYPE=HIDDEN ID=SoundFlag><INPUT TYPE=HIDDEN ID=MouseFlag>
    <SCRIPT Language=text/javascript>
    var position = document.URL.indexOf('=')+1;
    var length = document.URL.length;
    var url = document.URL.substring(position, length);
    
    isDOM=document.getElementById?true:false;
    if ( isDOM ) {
    	document.getElementById('PageContent').src = url;
    }
    else {
    	PageContent.src = url;
    }
    
    if ( isDOM ) {
    	if ( document.getElementById("MouseFlag").value == "" ) {
    		HTMLText = "<IMG BORDER=0 Name=MouseToggle ID=MouseToggle src=\"images/MouseOff.gif\" onClick=\"ToggleMouse();\">";
    		document.getElementById("Buttons").innerHTML = HTMLText;
    		document.getElementById("MouseFlag").value = "SHOW";
    	}
    	else {
    		if ( document.getElementById("MouseFlag").value == "HIDE" ) {
    			HTMLText = "<IMG BORDER=0 Name=MouseToggle ID=MouseToggle src=\"images/MouseOn.gif\" onClick=\"ToggleMouse();\">";
    			document.getElementById("Buttons").innerHTML = HTMLText;
    		}
    		if ( document.getElementById("MouseFlag").value == "SHOW" ) {
    			HTMLText = "<IMG BORDER=0 Name=MouseToggle ID=MouseToggle src=\"images/MouseOff.gif\" onClick=\"ToggleMouse();\">";
    			document.getElementById("Buttons").innerHTML = HTMLText;
    		}			
    	}
    }
    
    if ( isIE && isDOM ) {
    	if ( document.getElementById("SoundFlag").value == "" ) {
    		HTMLText = "<IMG BORDER=0 Name=MusicToggle ID=MusicToggle src=\"images/MusicOff.gif\" onClick=\"ToggleMusic();\">";
    		document.getElementById("Buttons").innerHTML = document.getElementById("Buttons").innerHTML + HTMLText;
    		document.getElementById("SoundFlag").value = "PLAY";
    	}
    	else {
    		if ( document.getElementById("SoundFlag").value == "STOP" ) {
    			HTMLText = "<IMG BORDER=0 Name=MusicToggle ID=MusicToggle src=\"images/MusicOn.gif\" onClick=\"ToggleMusic();\">";
    			document.getElementById("Buttons").innerHTML = document.getElementById("Buttons").innerHTML + HTMLText;
    		}
    		if ( document.getElementById("SoundFlag").value == "PLAY" ) {
    			HTMLText = "<IMG BORDER=0 Name=MusicToggle ID=MusicToggle src=\"images/MusicOff.gif\" onClick=\"ToggleMusic();\">";
    			document.getElementById("Buttons").innerHTML = document.getElementById("Buttons").innerHTML + HTMLText;
    		}
    	}
    }
    
    </SCRIPT>
    <script type="text/javascript">
    (function(){
    	function getQval(n) {
    		if(typeof n !== 'string'){
    			return null;
    		}
    		var r = new RegExp('[?&;]' + n + '=([^&;#]*)'), m = location.search;
    		return (m = r.exec(m))? unescape(m[1]) : null;
    	}
    	var f = getQval('frame'), s = getQval('src');
    	if(f && frames[f] && s && s.indexOf(location.protocol + '//' + location.hostname + '/') === 0){
    		frames[f].location.href = s;
    	}
    })();
    </script>
    </BODY>
    </HTML>
    This is the index page that came with the download, which I presume I am going to have to incorporate into each other:

    Code:
    <!DOCTYPE html>
    
    <html lang="en">
        <head>
            <meta charset="utf-8" />
            <title></title>
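            <script>
                // Declared up front so reloadSandboxedFrame() can test it even when the browser lacks sandbox support.
                var sandboxSupported = false;
                window.onload = function() {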
                    if( "sandbox" in document.createElement("iframe") ) {
                        sandboxSupported = true;
                        var element = document.getElementById( "support" );
                        element.setAttribute( "style", "display: none;" );
                    } else {
                        var element = document.getElementById( "options" );
                        element.setAttribute( "style", "display: none;" );
                    }
                    
                    var checkboxes = document.getElementsByTagName( "input" );
                    for( i = 0; i < checkboxes.length; i++ )
                    {
                        checkboxes[i].addEventListener("click", reloadSandboxedFrame );
                    }
                    
                    reloadSandboxedFrame();
                };
                
                function reloadSandboxedFrame() {
                    if( !sandboxSupported ) { return; }
                    var checkboxes = document.getElementsByTagName( "input" );
                    var sandbox = "";
                    for( i = 0; i < checkboxes.length; i++ ) {
                        if( checkboxes[i].checked ) {
                            sandbox += checkboxes[i].value + " ";
                        }
                    }
    
                    var iframe = document.getElementById( "theFrame" );
                    if( !iframe ) {
                        iframe = document.createElement( "iframe" );                    
                        iframe.setAttribute( "id", "theFrame" );
                        iframe.setAttribute( "scrolling", "no" );
                        iframe.setAttribute( "width", "100%" );
                        iframe.setAttribute( "height", "600" );
                        document.getElementById("page").appendChild(iframe);
                    }
                    iframe.setAttribute( "sandbox", sandbox );
                    iframe.setAttribute( "src", "untrusted.html" );
                }
            </script>
        </head>
        <body id="page">
            <h1>HTML5 IFrame Sandbox Demo</h1>
            <article>
                <h2 id="support">Your browser does not support the sandbox attribute!</h2>
            </article>
            <section id="options">
                <h3>Options to modify the sandbox</h3>
                <p>Checking an option will reload the page in the IFRAME below with the modified sandbox</p>
                <input name="allowJavaScript" type="checkbox" value="allow-scripts" />Allow JavaScript<br/>
                <input name="allowForms" type="checkbox" value="allow-forms" />Allow Forms<br/>
                <input name="allowSameOrigin" type="checkbox" value="allow-same-origin" />Allow Same Origin<br/>
                <input name="allowTopNavigation" type="checkbox" value="allow-top-navigation" />Allow Top Navigation<br/>
                <input name="allowPopups" type="checkbox" value="ms-allow-popups" />Allow Popups (Just IE10)<br/>            
                <h3>Untrusted.html hosted in a sandboxed IFRAME</h3>
            </section>
        </body>
    </html>
    I could be wrong, but it looks like it would be impossible with my limited experience. But thank you for your quick response all the same, very kind of you sir.
    Last edited by krillmeed; 02-18-2013 at 06:48 PM.

  • #4
    Master Coder
    Upload that demo as "test.html" after you change the line indicated below.

    Windows XP doesn't matter. Your browser matters. Look for the line that has "untested.html" in it. Change that to your website blog and see what happens. Use Chrome for your browser.



    Last edited by mlseim; 02-18-2013 at 11:56 PM.
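The security question raised in post #2 comes down to which tokens end up in the `sandbox` attribute that the demo page builds from its checkboxes. The following is an added example, not part of the thread or of the linked demo, that reviews such an attribute value; `auditSandbox`, `demo` and the `site.example` / `wiki.example` URLs are hypothetical names used for illustration.

```javascript
// Added example: review an iframe sandbox attribute value.
// Token list is the standard set; anything else is reported as non-standard.
const STANDARD_TOKENS = new Set([
  'allow-downloads', 'allow-forms', 'allow-modals', 'allow-orientation-lock',
  'allow-pointer-lock', 'allow-popups', 'allow-popups-to-escape-sandbox',
  'allow-presentation', 'allow-same-origin', 'allow-scripts',
  'allow-top-navigation', 'allow-top-navigation-by-user-activation',
]);

function auditSandbox(sandboxValue, embedderUrl, framedUrl) {
  const tokens = new Set(sandboxValue.toLowerCase().split(/\s+/).filter(Boolean));
  const sameOrigin = new URL(embedderUrl).origin === new URL(framedUrl).origin;
  const findings = [];
  for (const t of tokens) {
    if (!STANDARD_TOKENS.has(t)) {
      findings.push(`non-standard: "${t}" is honoured only by browsers that implement it`);
    }
  }
  if (!tokens.has('allow-forms')) findings.push('no-forms: form submission is blocked');
  if (!tokens.has('allow-scripts')) findings.push('no-scripts: scripts in the framed page will not run');
  if (tokens.has('allow-scripts') && tokens.has('allow-same-origin') && sameOrigin) {
    // A same-origin framed page with both tokens can reach the parent and drop the attribute.
    findings.push('sandbox-escape: framed page can script the embedder and remove the sandbox');
  }
  if (tokens.has('allow-top-navigation')) {
    findings.push('top-navigation: framed page may navigate the top-level window');
  }
  return { tokens: [...tokens], sameOrigin, findings };
}

// Constructed inputs; site.example and wiki.example are placeholders.
function demo() {
  const embedder = 'https://site.example/test.html';
  return [
    auditSandbox('allow-forms ms-allow-popups ', embedder, 'https://site.example/blog/'),
    auditSandbox('allow-scripts allow-forms allow-same-origin', embedder, 'https://site.example/blog/'),
    auditSandbox('allow-scripts allow-forms allow-same-origin', embedder, 'https://wiki.example/'),
  ].map((r) => r.findings.map((f) => f.split(':')[0]));
}

console.log(demo());
```

The second case is the one to watch when the framed content lives on the embedding site's own domain: granting both `allow-scripts` and `allow-same-origin` there leaves the sandbox with no real effect.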


  • #5
    New Coder
    Sounds like a plan I will give it a go and get back to you. Thanks

  • #6
    New Coder
    Tried it, it did open the blog in an iframe properly, but nothing happened at all when I tried to click on "Log in" or "Register". All the other links work correctly. I also tried this in Firefox and IE, and it also did not work. Funnily enough, it did work as it should with the MediaWiki database though; I could log in and log out through the iframe no problem with Chrome.

  • #7
    New Coder
    I did some more reading and I think I have found the problem. The wiki database was simple enough, it just needed a P3P Compact Privacy Policy in the header to work. The WordPress had filters in it to stop it being used in iframes; having allowed from the same domain, it now works. Thank you for all your help and advice.
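The "Same-Origin or Allow-From" choice from the first post, and the framing filter mentioned in post #7, are decided by response headers on the framed page. The following added example (not code from the thread) models how a current browser evaluates `X-Frame-Options` and the CSP `frame-ancestors` directive; `canBeFramed`, `frameAncestors`, `demo` and the `site.example` / `wiki.example` origins are hypothetical, matching is simplified to exact origins, and the parent is assumed to be the top-level page.

```javascript
// Added example: would a browser let parentOrigin frame pageUrl, given the
// response headers of pageUrl? Exact-origin matching only (no wildcard hosts).
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent
}

function canBeFramed(headers, pageUrl, parentOrigin) {
  const self = new URL(pageUrl).origin;
  const parent = new URL(parentOrigin).origin;
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // When frame-ancestors is present it decides; X-Frame-Options is ignored.
    const allowed = sources.some((raw) => {
      const src = raw.toLowerCase();
      if (src === '*') return true;
      if (src === "'self'") return parent === self;
      try { return new URL(src).origin === parent; } catch (e) { return false; } // 'none' lands here
    });
    return { allowed, decidedBy: 'csp-frame-ancestors' };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, decidedBy: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { allowed: parent === self, decidedBy: 'x-frame-options' };
  if (xfo.startsWith('ALLOW-FROM')) {
    // Obsolete value: Chrome and Safari never honoured it, so it restricts nothing there.
    return { allowed: true, decidedBy: 'allow-from-ignored' };
  }
  return { allowed: true, decidedBy: 'no-policy' };
}

// Constructed samples; site.example and wiki.example stand in for two separate domains.
function demo() {
  const site = 'https://site.example', wiki = 'https://wiki.example';
  return [
    canBeFramed({ 'x-frame-options': 'SAMEORIGIN' }, site + '/blog/login', site),
    canBeFramed({ 'x-frame-options': 'SAMEORIGIN' }, wiki + '/login', site),
    canBeFramed({ 'x-frame-options': 'ALLOW-FROM ' + site }, wiki + '/login', 'https://other.example'),
    canBeFramed({ 'content-security-policy': "frame-ancestors 'self' " + site }, wiki + '/login', site),
  ].map((r) => r.allowed);
}

console.log(demo());
```

The third sample shows why `ALLOW-FROM` alone is not a control on current browsers: an unrelated origin is still able to frame the page, whereas the `frame-ancestors` form in the fourth sample is enforced.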

