How to limit display of iframe from an external site to specific domains only

you can use an .htaccess (assuming the original content is on an Apache server) to limit the access to a specific IP. Or, if the page is a PHP, you could limit it to a specific domain, like this: <?php $continue = 0; if(isset($_SERVER[‘HTTP_REFERER’])) { //correct domain: $ar=parse_url($_SERVER[‘HTTP_REFERER’]); if( strpos($ar[‘host’], ‘yourdomain.com’) === false ){ } … Read more

How to force Iframe to run quirks under a standard parent frame

It’s not possible to trigger a different rendering mode in a child iframe in IE9, as officially documented here: http://msdn.microsoft.com/en-us/library/gg558056(v=vs.85).aspx (emphasis added): Although the newer rendering engine is only used when Windows Internet Explorer detects that an HTML page has requested the highest level of support for standards, the same is not always true for … Read more

Access child iFrame DOM from parent page

There is a way. When the page in the iframe loads, have it do the following parent.childGetElementById = function (id) {return document.getElementById(id);} parent.childLoaded(); This will make a function in the global scope of the parent page (that contains the iframe). Then in the parent, just have the following function childLoaded() {var dom = childGetElementById(‘someid’);} This … Read more

Accessing an element outside of iframe

Communication between an iframe and parent document is not possible for cross-origin resources. It will only work if the iframe and the containing page are from the same host, port and protocol – e.g. http://example.com:80/1.html and http://example.com:80/2.html For cross-origin resources, you can make use of window.postMessage to communicate between the two, but this is only … Read more

HTTP and HTTPS iframe

It is generally bad practice to embed an iframe with content served over HTTPS within a page served over plain HTTP (or mix content). The reason for this is that there’s no good way for the user to check they’re using the HTTPS site they intend (unless the user really wants to check the source … Read more