nested iframes using iframe.contentDocument.createElement #53

Closed
abrahamjuliot opened this issue Aug 3, 2020 · 5 comments
Labels
enhancement New feature or request revisit

Comments

@abrahamjuliot
Owner

No description provided.

@abrahamjuliot abrahamjuliot added the enhancement New feature or request label Aug 3, 2020
@abrahamjuliot
Owner Author

Not sure nesting has an advantage if scripts are set to inject all frames

@abrahamjuliot
Owner Author

abrahamjuliot commented Aug 21, 2020

Concept

```js
// about: URL assigned as the frame location on Chrome
const thisSiteCantBeReached = 'about:galvx7fxzm9rnburjkx'

// Append a hidden iframe to `doc` and return the element, its context
// (contentWindow or contentDocument) and a function that removes it
const createIframe = (doc, id, contentWindow = false) => {
    const iframe = doc.createElement('iframe')
    iframe.setAttribute('id', id)
    iframe.setAttribute('style', 'visibility: hidden; height: 0')
    iframe.setAttribute('sandbox', 'allow-same-origin')
    if (window.chrome) {
        iframe.src = thisSiteCantBeReached
    }
    doc.body.appendChild(iframe)
    const rendered = doc.getElementById(id)
    return {
        el: rendered,
        context: rendered[contentWindow ? 'contentWindow' : 'contentDocument'],
        remove: () => rendered.parentNode.removeChild(rendered)
    }
}

// The outer iframe lives in the top document; its contentDocument hosts the inner one
const parentIframe = createIframe(document, 'iframe-1')
const {
    context: win
} = createIframe(parentIframe.context, 'iframe-2', true)

// Needed for some Chrome Extensions
if (window.chrome) { win.location = thisSiteCantBeReached }
setTimeout(() => {
    try {
        console.log(win.navigator.userAgent)
    } catch (error) {
        console.error(error)
    } finally {
        // Removing the outer iframe also removes the nested one
        parentIframe.remove()
    }
}, 100)
```

abrahamjuliot added a commit that referenced this issue Aug 24, 2020
abrahamjuliot added a commit that referenced this issue Aug 24, 2020
abrahamjuliot added a commit that referenced this issue Aug 24, 2020
abrahamjuliot added a commit that referenced this issue Aug 29, 2020
@abrahamjuliot abrahamjuliot reopened this Oct 22, 2020
@abrahamjuliot
Owner Author

abrahamjuliot commented Oct 22, 2020

improve test

inspired by https://canvasblocker.kkapsner.de/test/test.js

```js
// An iframe created through innerHTML becomes the next indexed frame on window
const len = window.length;
const div = document.createElement('div')
document.body.appendChild(div)
div.innerHTML = '<iframe></iframe>'
const iframeWindow = window[len]

// Same idea as a helper: `context` is window or frames; the iframe is either
// appended directly or created via innerHTML inside a container div
function getDynamicIframeWindow({ context, nestIframeInContainerDiv = false }) {
    const elementName = nestIframeInContainerDiv ? 'div' : 'iframe'
    const length = context.length // index the new frame will receive
    const element = document.createElement(elementName)
    document.body.appendChild(element)
    if (nestIframeInContainerDiv) {
        element.innerHTML = '<iframe></iframe>'
    }
    const iframeWindow = context[length]
    // The element is removed before the window reference is returned
    document.body.removeChild(element)
    return iframeWindow
}

getDynamicIframeWindow({ context: frames })
getDynamicIframeWindow({ context: window })
getDynamicIframeWindow({ context: window, nestIframeInContainerDiv: true })
```

abrahamjuliot added a commit that referenced this issue Oct 23, 2020
abrahamjuliot added a commit that referenced this issue Oct 25, 2020
@abrahamjuliot
Owner Author

abrahamjuliot commented Oct 25, 2020

x number of nested iframes concept

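```js
(function() {
    'use strict';
    // Build n iframes nested inside one another and return the deepest window
    const getNestedIframes = (n, context = window) => {
        n = +n // coerce to number
        let parent, total = n
        return (function getIframeWindow(win, {
            previous = context
        } = {}) {
            if (!win) {
                // No window was returned for the last level: report the depth
                // reached and fall back to the last window that did resolve
                console.log('stopped at ', total - n)
                return previous
            }
            const numberIframes = win.length // index the new frame will receive
            const div = win.document.createElement('div')
            win.document.body.appendChild(div)
            div.innerHTML = '<iframe></iframe>'
            const iframeWindow = win[numberIframes]
            if (total == n) {
                // First level: remember the top-level container and hide it
                parent = div
                parent.setAttribute('style', 'display:none')
            }
            n--
            if (!n) {
                // Deepest level reached: remove the top-level container
                // (and every frame nested under it) and return the window
                parent.parentNode.removeChild(parent)
                return iframeWindow
            }
            return getIframeWindow(iframeWindow, {
                previous: win
            })
        })(context)
    }
    const w = getNestedIframes(20)
    // Compare a blank canvas data URL from the top window with one from the window 20 levels deep
    console.log('canvas: ', window.document.createElement('canvas').toDataURL() == w.document.createElement('canvas').toDataURL())
})()
```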

@abrahamjuliot
Owner Author

this has potential in headless stealth test (currently effective)

abrahamjuliot added a commit that referenced this issue Jul 4, 2021