"seans" <se******@yahoo.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
Hi,
Is there some way from preventing the JavaScript code in a document
loaded into an iframe from executing? I don't have access to the pages
being loaded into the i-frame so I can't modify then. They are being
loaded from a server.
I may be misunderstanding your question but I'll give it a shot.
In general there's no simple way, but the matter rests on the source servers
for the material.
If the iFrame source is loaded from a server DIFFERENT from the one from
which the main page source was loaded then the browser security model will
prevent you from accessing the content of that page. There's no way around
this on the client-side (or, at the very least, any way around this is a
MAJOR security flaw).
In short: while you can load content from other servers into your frames and
iFrames you cannot actually "touch" that content at all. It's not yours -
hands off.
If the iFrame source is from the SAME server then you may be able to jury
rig something... but it will be a tenious solution at best. One obvious
option is to use XMLHttpRequest to fetch the source code meant for the
iFrame and maniplate it (strip out the script) before loading it into the
iFrame. This is riddled with problems however...
+) Any links or references in the iFrame will have to be examined: the
iFrame content's context will no longer be the same as if you allowed it to
be served normally. Relative links may (probably will) break. HREFs may
not (probably won't) function any longer.
+) As you've stated you have no control over the iFrame content, there's
nothing to stop it from changing and breaking your code (the likelyhood of
this happening in any so-called "screen scraping" operation is generally
assumed to be 1 in 1). If you're code to remove the offending script is too
specific it will probably break even sooner... if it's to general it will
probably break too much in the target page.
+) It also converts a simple task (changing the href of an iFrame) to a much
more complex one: this ain't never a good ideer.
All told it's really simplest to just consider it un-doable. ;^)
Jim Davis