force target=“_self” on dynamic external cross domain in iframe

0
votes

I have a site on kiosk mode on chrome using iframe in which I am opening number of external sites. And each of the sites has their own links with target="_blank". I have no control on those external links. I want to open all those external links inside iframe only or I would need to publish some message for those target=_blank links. I can't open new window on kiosk. I have searched so far and found it has to be some server side coding. Javascript won't be any help in that.

My iframe code:

  navigateToExternal:function(href)
    {
        Engine.ui.openMenu();
        Engine.ui.exit();
        Engine.ui.mostRecentSection = "external";

        $("a[data-navsection], a[href]").removeClass("disabled");
        $("a[href='" + href + "']").addClass("disabled");

        $(".footer").hide();

       var sandbox = "sandbox=\"allow-forms allow-scripts allow-same-origin\"";


         $("#content-container").append("<iframe id=\"contentFrame\" src=" + href + "\"" + sandbox + "></iframe>");
    },

Any help or suggestion would be really great.

Thanks in advance!!

3
phpiframe

3 Answers

2
votes

You can't, the parent page can't access the cross-site iframe and the iframe can't access the cross-site parent page.

This falls under the Same-Origin policy and can't be worked-around on the client-side. You could scrape those sites on the server and present them as your own, however I'm not sure how effective that will be.

0
votes

If you're running on Chrome, you can try the html5 iframe sandbox attribute.

<iframe sandbox="allow-scripts allow-forms" src="..."></iframe>

More Reading

0
votes

I get a work around on this and thought to share. We can pass a command line argument For Mac, open Terminal and run:

 $ open -a Google\ Chrome --args --disable-web-security

and it will disable the Same-Origin-Policy and then we can make our required changes on cross site iframe.