Accessing iframe from chrome extension

by

To understand why your code does not work, I include a fragment of my previous answer:

Content scripts do not have any access to a page’s global window object. For content scripts, the following applies:

  • The window variable does not refer to the page’s global object. Instead, it refers to a new context, a “layer” over the page. The page’s DOM is fully accessible. #execution-environment

Given a document consisting of   <iframe id="frameName" src="http://domain/"></iframe>:

  • Access to the contents of a frame is restricted by the Same origin policy of the page; the permissions of your extension does not relax the policy.
  • frames[0] and frames['frameName'], (normally referring to the the frame’s containing global window object) is undefined.
  • var iframe = document.getElementById('frameName');
    • iframe.contentDocument returns a document object of the containing frame, because content scripts have access to the DOM of a page. This property is null when the Same origin policy applies.
    • iframe.contentDocument.defaultView (refers to the window object associated with the document) is undefined.
    • iframe.contentWindow is undefined.

Solution for same-origin frames

In your case, either of the following will work:

// jQuery:
$("#iframe1").contents()[0].execCommand( ... );

// VanillaJS
document.getElementById("iframe1").contentDocument.execCommand( ... );

// "Unlock" contentWindow property by injecting code in context of page
var s = document.createElement('script');
s.textContent="document.getElementById("iframe1").contentWindow.document.execCommand( ... );";
document.head.appendChild(s);

Generic solution

The generic solution is using "all_frames": true in the manifest file, and use something like this:

if (window != top) {
    parent.postMessage({fromExtension:true}, '*');
    addEventListener('message', function(event) {
        if (event.data && event.data.inserHTML) {
            document.execCommand('insertHTML', false, event.data.insertHTML);
        }
    });
} else {
    var test_html="test string";
    // Explanation of injection at https://stackoverflow.com/a/9517879/938089 :
    // Run code in the context of the page, so that the `contentWindow`
    //  property becomes accessible
    var script = document.createElement('script');
    script.textContent="(" + function(s_html) {
        addEventListener('message', function(event) {
            if (event.data.fromExtension === true) {
                var iframe = document.getElementById('iframe1');
                if (iframe && (iframe.contentWindow === event.source)) {
                    // Window recognised, post message back
                    iframe.contentWindow.postMessage({insertHTML: s_html}, '*');
                }
            }
        });
    } + ')(' + JSON.stringify(test_html) + ');';
    (document.head||document.documentElement).appendChild(script);
    script.parentNode.removeChild(script);
}

This demo is for educational purposes only, do not use this demo in a real extension. Why? Because it uses postMessage to pass messages around. These events can also be generated by the client, which causes a security leak (XSS: arbitrary HTML injection).

The alternative to postMessage is Chrome’s message API. For a demo, see this answer. You won’t be able to compare the window objects though. What you can do is to rely the window.name property. The window.name property is automatically set to the value of the iframe’s name attribute (just once, when the iframe is loaded).

More Related Contents:

  1. Getting around X-Frame-Options DENY in a Chrome extension?
  2. Communicate between scripts in the background context (background script, browser action, page action, options page, etc.)
  3. Is there a way to uniquely identify an iframe that the content script runs in for my Chrome extension?
  4. SecurityError: Blocked a frame with origin from accessing a cross-origin frame
  5. onclick or inline script isn’t working in extension
  6. Changing iframe src with Javascript
  7. Access iframe elements in JavaScript
  8. Reload an iframe with jQuery
  9. Scrolling an iframe with JavaScript?
  10. How to simulate key presses or a click with JavaScript?
  11. Selecting an element in iframe with jQuery
  12. How can a Chrome extension save many files to a user-specified directory?
  13. Reading response headers with Fetch API
  14. Google Chrome Extensions: How to include jQuery in programmatically injected content script?
  15. Wait for iframe to load in JavaScript
  16. Modify HTML of loaded pages using chrome extensions
  17. ‘observe’ on ‘MutationObserver’: parameter 1 is not of type ‘Node’
  18. How to block pop-up coming from iframe?
  19. Update object stored in chrome extension’s local storage
  20. Making a Chrome Extension download a file
  21. Embedding Google Apps Script in an iFrame
  22. Cannot read property ‘onClicked’ of undefined when using chrome.action or chrome.browserAction
  23. YouTube iFrame API “setPlaybackQuality” or “suggestedQuality” not working
  24. How to limit display of iframe from an external site to specific domains only
  25. Javascript: Let user select an HTML element like Firebug?
  26. How to develop Chrome extension for Gmail?
  27. monitoring history.pushstate from a chrome extension
  28. Retrieving which tabs are open in Chrome?
  29. Get height of iframe with external URL
  30. Why is iframe.contentWindow == null?

Leave a Comment