cannot get the outerHTML for a cross origin iframe from page.evaluate of parent window #699
Comments
|
phantom allows you to do this because
Disabling security features means that content in the frame can access to the host page and vice-versa, and this is really dangerous. Most of time, you don't know what these pages are doing, except if you are the author of both sites. Did you try to evaluate the javascript directly into the frame, by using API related to frames? |
|
I'll give your suggestion a try and see if that works. |
|
It used to work like this, but now sometimes not working, I think it fails before iframe is completely loaded. Will try to make some example |
|
I tried it as follows in the page.onLoadFinished hook: And it just gave me the outerHTML of the root page. |
|
Any ideas on whether this is a limitation of slimer and if so, are there plans to fix? |
versions
Steps to reproduce the issue
Create a simple webpage that holds nothing but an iframe in a different origin/domain.
Verify that in chrome and firefox devtools, though the iframe displays the content of the
cross-origin src, devtools cannot see anything on frames[0] of the root page relating to
the framewin.document.
Run this page thru slimer and use page.evaluate to console.log() the following:
var win = frames[0];
var content = win.contentDocument.documentElement.outerHTML;
console.log(content);
Get a Script Error logged in the console output of slimer:
Script Error: Error: Permission denied to access property "contentDocument" on cross-origin object
Stack:
-> phantomjs://webpage.evaluate(): 3
-> phantomjs://webpage.evaluate(): 1
Although this is not surprising, phantom allows you to do this! Is there any way to relax cors issues in page.evaluate in slimerjs?
The text was updated successfully, but these errors were encountered: