Thursday, April 21, 2005

Expand iframe to no scroll bar

I have a piece of JS code to expand iframe size, then scroll bar disappears.

//sample iframe code for ccExpandIFrame
//<IFRAME SRC="foo.html" NAME="dynamicFrame" marginHeight="0" marginWidth="0" width="100%" //FRAMEBORDER="no" SCROLLING="yes" onLoad="ccExpandIframe(this)">
function ccExpandIframe(fooFrame) { // only good for page in the same domain name.
    var fooWin = eval("window." +;
  if (document.getElementById) {
      try {
      //if (location.hostname == fooWin.location.hostname) {

            var fooBody = fooWin.document.body;
            var fooHeight=fooBody.scrollHeight + fooBody.offsetHeight - fooBody.clientHeight;
            var fooWidth=fooBody.scrollWidth + fooBody.offsetWidth - fooBody.clientWidth;
   = fooHeight;
   = fooWidth;"none";
            if (document.all) {
      } catch (e) {}

But my problem is when I try to include other site into iframe, permission denied is triggered. Once cross domain, the other domain window object can't be accessed.

The only way I can access is IFRAME object. Still need to find out a way when IFRAME showing scroll bar, but it's pretty much dead end.

1 comment:

claudio said...

Security thing you find even in Ajax.

You can just touch whatever is inside the same domain, even a and is considered differently.

Reason : imagine for example what happens if I include an Object from my page, which is on annother domain and includes the same page where I have my include. Would become a never ending loop, may be better even than a DOS attack.

Now If I could touch (not having that security), my include object over the DOM, I just need to add a document.write istruction writing an <object or <iframe, and I will kill whatever external server and domain by this.

That is why they placed that security browser wise.

In any case that thing, gave me a good idea for those shit hackers, placing you backdoors on your servers...

So thanks