Another ingenious implementation idea for iframe window height adaption_javascript skills

There is a page index.html in domainA, and a page other.html in domainB is nested through an iframe
Since the other.html page is displayed in an iframe, and its page content will increase or decrease dynamically, now you need to remove the iframe The scroll bar
Due to the restrictions of the JavaScript same-origin policy, cross-domain operations cannot be performed, which makes the problem more difficult
Referring to the online practice, an agent page, or called intermediary agent.html, is introduced, which belongs to domainA
Then, in other.html in domainB, use iframe to nest agent.html

Okay, now the situation is like this:

index.html Use iframe to embed Nest other.html
other.html Use iframe to nest agent.html
The reason why the third page agent.html is introduced is to comply with the rules of the "same origin policy" and complete the transfer of parameters under different domains !

Our ultimate goal is to remove the scroll bar and ensure that all embedded page content is displayed
1. Get the actual height of the other.html page
2. Set the height to On the src attribute of the embedded iframe
3. Intercept the height value in the src attribute of the iframe in agent.html

In the following example, a trick is used to avoid using setInterval( ) Constantly set the height of the iframe
The method is to attach a timestamp to the src of the iframe, so that the browser reloads agent.html every time
Then let the js function invokeMethodInTopWindow() in agent.hml get Execute 2 html in
domainA

index.html

Copy code The code is as follows:

#{extends 'main.html' /}
#{set title:'Home' /}

---

Window adaptation---bypassing the restrictions of the same-origin policy, and at the same time using the same-origin policy to remove the scroll bar of the iframe and dynamically adjust the height of the window so that it can Display all content of the nested page

agent.html

Copy code The code is as follows:

< ;meta charset="UTF-8">



I am a proxy page!

other.html in domainB

Copy code The code is as follows:

切换显示

在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。
在JavaScript中，有一个很重要的安全性限制，被称为“Same-Origin Policy”（同源策略）。
这一策略对于JavaScript代码能够访问的页面内容做了很重要的限制，即JavaScript只能访问与包含它的文档在同一域下的内容。
所谓同源是指，域名，协议，端口相同。

For example, a hacker program uses IFrame to embed the real bank login page on his page. When you log in with your real username and password At this time,
his page can read the input content in your form through Javascript, so that the username and password can be easily obtained.
For example, a hacker program uses IFrame to embed the real bank login page into his page. When you log in with your real username and password,
his page can read you through Javascript. The content of the input in the form, so that the user name and password can be easily obtained.
For example, a hacker program uses IFrame to embed the real bank login page into his page. When you log in with your real username and password,
his page can read you through Javascript. The content of the input in the form, so that the user name and password can be easily obtained.
For example, a hacker program uses IFrame to embed the real bank login page into his page. When you log in with your real username and password,
his page can read you through Javascript. The content of the input in the form, so that the user name and password can be easily obtained.
For example, a hacker program uses IFrame to embed the real bank login page into his page. When you log in with your real username and password,
his page can read you through Javascript. The content of the input in the form, so that the user name and password can be easily obtained.
For example, a hacker program uses IFrame to embed the real bank login page into his page. When you log in with your real username and password,
his page can read you through Javascript. The content of the input in the form, so that the user name and password can be easily obtained.
For example, a hacker program uses IFrame to embed the real bank login page into his page. When you log in with your real username and password,
his page can read you through Javascript. The content of the input in the form, so that the user name and password can be easily obtained.
For example, a hacker program uses IFrame to embed the real bank login page into his page. When you log in with your real username and password,
his page can read you through Javascript. The content of the input in the form, so that the user name and password can be easily obtained.