Solve the problem of communication between parent page and iframe page through pseudo-protocol_javascript skills

We often have operations on parent pages and iframe pages, such as

939370b3c8787d52ac84eef51d6f9a93065276f04003e4622c4fe6b64f465b88

The content inside this iframe is written in js. Such as the following code

var iframe = document.getElementById("iframe"),
  doc = iframe.contentWindow.document;
doc.open();
doc.write("---------something------");
doc.close();

The above code is correct in most cases. But there is a situation where the parent page explicitly writes document.domain = "xxx";

In IE series (I haven’t tried it on IE10), there will be an error of not having permission. There is no problem in firefox and chrome.

Why is this? This is a bug in IE, that is, when the parent page does not explicitly set document.domain, the iframe will default to the document.domain being the same as the parent page, that is, both are

location.host, parent and child pages can communicate, that is, the example of the article header, but when the parent page explicitly sets document.domain="", the pages in the iframe must also explicitly set document.domain= "xxx", otherwise

If you don’t have permission to get iframe.contentWindow.document, you can’t write content dynamically. In fact, you can also make the iframe point to a specific page. This page explicitly sets document.domain="xxx", and then through the article The starting square

, but the problem is that my parent page has many such iframes, and the number is unknown (all are advertising spaces), so it cannot pass a specific page.

The problem arises. In this case, we seem to have no solution

1. The parent page is set and must explicitly set document.domain

2. The content of the iframe page needs to be dynamically generated by js.

3. No chance to set src for iframe.

But when the above three conditions are met, we can solve this kind of problem through pseudo-protocol.

Copy code The code is as follows:

iframe.src="javascript:void((function(){var d=document;d.open();d.domain='xxx;d.write('---something');d.close()} )())";

In this way, the document.domain of the iframe can be explicitly set to be consistent with the parent page.

After writing this, the need to dynamically write iframe content is indeed realized, but this page will pop up separately, like window.open();
Why is this? This is also a bug in the IE series, that is, the parent page has 5d43740c2c81c12a30358e8bd80a5b616f6cb83b34cb7f2d6a4aed109317b73a, and the content written through the pseudo-protocol of the iframe will pop up a new page like window.open,
But the dde6fb694e6711ae5e6f381704c04ae4 of the parent page must be _self, so you can only set the target of base to _self before calling iframe.src. After the content is written, set the target of base to _blank

This solves the problem.

Although pseudo-protocols can solve this problem, there are some risks. Don’t use this method casually unless it is absolutely necessary.