-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nested iframes using iframe.contentDocument.createElement #53
Labels
Comments
Not sure nesting has an advantage if scripts are set to inject all frames |
Concept const thisSiteCantBeReached = 'about:galvx7fxzm9rnburjkx'
const createIframe = (doc, id, contentWindow = false) => {
const iframe = doc.createElement('iframe')
iframe.setAttribute('id', id)
iframe.setAttribute('style', 'visibility: hidden; height: 0')
iframe.setAttribute('sandbox', 'allow-same-origin')
if (window.chrome) {
iframe.src = thisSiteCantBeReached
}
doc.body.appendChild(iframe)
const rendered = doc.getElementById(id)
return {
el: rendered,
context: rendered[contentWindow ? 'contentWindow' : 'contentDocument'],
remove: () => rendered.parentNode.removeChild(rendered)
}
}
const parentIframe = createIframe(document, 'iframe-1')
const {
context: win
} = createIframe(parentIframe.context, 'iframe-2', true)
// Needed for some Chrome Extensions
if (window.chrome) { win.location = thisSiteCantBeReached }
setTimeout(() => { console.log(win.navigator.userAgent); parentIframe.remove() }, 100) // try catch this |
abrahamjuliot
added a commit
that referenced
this issue
Aug 24, 2020
abrahamjuliot
added a commit
that referenced
this issue
Aug 24, 2020
abrahamjuliot
added a commit
that referenced
this issue
Aug 24, 2020
abrahamjuliot
added a commit
that referenced
this issue
Aug 29, 2020
improve test inspired by https://canvasblocker.kkapsner.de/test/test.js const len = window.length;
const div = document.createElement('div')
document.body.appendChild(div)
div.innerHTML = '<iframe></iframe>'
const iframeWindow = window[len] function getDynamicIframeWindow({ context, nestIframeInContainerDiv = false }) {
const elementName = nestIframeInContainerDiv ? 'div' : 'iframe'
const length = context.length
const element = document.createElement(elementName)
document.body.appendChild(element)
if (nestIframeInContainerDiv) {
element.innerHTML = '<iframe></iframe>'
}
const iframeWindow = context[length]
document.body.removeChild(element)
return iframeWindow
}
getDynamicIframeWindow({ context: frames })
getDynamicIframeWindow({ context: window })
getDynamicIframeWindow({ context: window, nestIframeInContainerDiv: true }) |
abrahamjuliot
added a commit
that referenced
this issue
Oct 23, 2020
abrahamjuliot
added a commit
that referenced
this issue
Oct 24, 2020
abrahamjuliot
added a commit
that referenced
this issue
Oct 25, 2020
x number of nested iframes concept (function() {
'use strict';
const getNestedIframes = (n, context = window) => {
n = +n
let parent, total = n
return (function getIframeWindow(win, {
previous = context
} = {}) {
if (!win) {
console.log('stopped at ', total - n)
return previous
}
const numberIframes = win.length
const div = win.document.createElement('div')
win.document.body.appendChild(div)
div.innerHTML = '<iframe></iframe>'
const iframeWindow = win[numberIframes]
if (total == n) {
parent = div
parent.setAttribute('style', 'display:none')
}
n--
if (!n) {
parent.parentNode.removeChild(parent)
return iframeWindow
}
return getIframeWindow(iframeWindow, {
previous: win
})
})(context)
}
const w = getNestedIframes(20)
console.log('canvas: ', window.document.createElement('canvas').toDataURL() == w.document.createElement('canvas').toDataURL())
})() |
abrahamjuliot
added a commit
that referenced
this issue
Oct 27, 2020
abrahamjuliot
added a commit
that referenced
this issue
Oct 29, 2020
abrahamjuliot
added a commit
that referenced
this issue
Oct 31, 2020
abrahamjuliot
added a commit
that referenced
this issue
Nov 1, 2020
abrahamjuliot
added a commit
that referenced
this issue
Nov 1, 2020
this has potential in headless stealth test (currently effective) |
abrahamjuliot
added a commit
that referenced
this issue
Jul 4, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: