cross domain – Preventing javascript running in a HREF – Education Career Blog

I have a problem with the following HTML:

<a href="javascript:document.formName.submit();" target="iframe">

Where formName is the name of a form inside the iframe. I would like the browser to navigate to the page “javascript:…” in the iframe, so it executes the javascript on the current page in the iframe. My problem is that the browser will attempt to execute the function and use the returned result as the url. Of course there is no form to submit on the current page, so I just get an error.

,

Cross domain iframes are no fly zones, you won’t be able to do anything with or to the DOM inside of a frame on a different domain. Even if the user clicked the submit button inside the frame, your page would not be able to get the new url back out of the frame.

,

In this case, you can do it by reaching inside the iframe:

<a href="javascript:window.framesN.contentDocument.FORMNAME.submit()">

(that may not be exactly the right incantation). In general, you should do this with an onclick handler for the hyperlink, that invokes a function defined by the iframe’s document.

EDIT: There is NO WAY to make this work cross-domain. It’s a violation of the browser’s security policies.

Leave a Comment