Thursday, April 21, 2005

Expand iframe to no scroll bar

I have a piece of JS code to expand iframe size, then scroll bar disappears.

//sample iframe code for ccExpandIFrame
//<IFRAME SRC="foo.html" NAME="dynamicFrame" marginHeight="0" marginWidth="0" width="100%" //FRAMEBORDER="no" SCROLLING="yes" onLoad="ccExpandIframe(this)">
//</IFRAME>
function ccExpandIframe(fooFrame) { // only good for page in the same domain name.
 
  location.hash="#";      
    var fooWin = eval("window." + fooFrame.name);
  if (document.getElementById) {
      try {
      //if (location.hostname == fooWin.location.hostname) {

            var fooBody = fooWin.document.body;
            var fooHeight=fooBody.scrollHeight + fooBody.offsetHeight - fooBody.clientHeight;
            var fooWidth=fooBody.scrollWidth + fooBody.offsetWidth - fooBody.clientWidth;
            fooFrame.style.height = fooHeight;
            fooFrame.style.width = fooWidth;
        fooFrame.style.borderStyle="none";
            if (document.all) {
          fooBody.scroll="no";
          fooFrame.frameBorder=0;
        }
      //}
      } catch (e) {}
  }
}

But my problem is when I try to include other site into iframe, permission denied is triggered. Once cross domain, the other domain window object can't be accessed.

The only way I can access is IFRAME object. Still need to find out a way when IFRAME showing scroll bar, but it's pretty much dead end.

1 comment:

claudio said...

Security thing you find even in Ajax.

You can just touch whatever is inside the same domain, even a http://www.domain.com and http://domain.com is considered differently.

Reason : imagine for example what happens if I include an Object from my page, which is on annother domain and includes the same page where I have my include. Would become a never ending loop, may be better even than a DOS attack.

Now If I could touch (not having that security), my include object over the DOM, I just need to add a document.write istruction writing an <object or <iframe, and I will kill whatever external server and domain by this.

That is why they placed that security browser wise.

In any case that thing, gave me a good idea for those shit hackers, placing you backdoors on your servers...

So thanks

Quasiamodo