Asked  7 Months ago    Answers:  5   Viewed   29 times

I have a webpage where there is a textarea within a iframe. I need to read the value of this textarea from its child page JavaScript. Presently by using window.parent.getelementbyID().value in the JavaScript, I am able to fetch values of all controls in the parent page except the textarea within the iframe.

The frame id and frame name in my parent page changes in runtime, hence we cannot use the frame id/frame name for reference.



If you have the HTML

<form name="formname" .... id="form-first">
    <iframe id="one" src="iframe2.html">

and JavaScript

function iframeRef( frameRef ) {
    return frameRef.contentWindow
        ? frameRef.contentWindow.document
        : frameRef.contentDocument

var inside = iframeRef( document.getElementById('one') )

inside is now a reference to the document, so you can do getElementsByTagName('textarea') and whatever you like, depending on what's inside the iframe src.

Tuesday, June 1, 2021
answered 7 Months ago

Hate to say it but I'm like 99% sure that ain't happening directly because of security.

You can try it out here.


Tuesday, June 1, 2021
answered 7 Months ago

Riot only provides 4 properties to access data from the current tag you're in:

  • this.opts
  • this.parent
  • this.root
  • this.tags

See the API docs


Besides this you can directly access named elements:

  <p name="foo">Hi, I'm foo</p>

see the docs


There's no direct reference to any of the elements you defined in your custom-tag; the rest comes down to just pure old JS (which you might favour or not).

Like others stated, you can access elements using dom methods. However, in some cases you need to wait until the DOM is actually loaded. For instance:


won't work, because the DOM is not ready yet. Instead wrap the selector in a 'mount' event listener like this:

    this.on('mount', function() {
Monday, September 27, 2021
answered 2 Months ago

This error is not a bug. The same-origin policy is a security mechanism that ensures that window objects only have access to the informations they are authorized to get. In your case, this includes having access to opened.location.

Upon creation, both tabs have the same origin, which allows the first one to access opened.location. But after the call to document.domain='', they don't anymore.

"What? But in both tabs, window.location.origin are identical"

Yes, but it is a little bit more complex. The origin is defined by the scheme/host/port tuple, see @TheUnknown's answer for more details. The scheme and host stay the same all along, and they're the one included in the string of window.location.origin.

The tricky thing to know is that any call to document.domain, including document.domain = document.domain, causes the port number to be overwritten with null, therefore causing a difference in the two tabs' origins, and preventing them from communicating informations like opened.location with one another, thus the error.

Informations extracted from MDN's guide on same-origin policy

Saturday, October 9, 2021
Scott Chantry
answered 2 Months ago

Due to the same-origin-policy your XHR approach won't work.

However, for HTTP authentication you can simply include the data in the url, i.e. the src of the <iframe>:

<iframe src="http://username:password@domain.tld/..."></iframe>

I think I don't have to mention that this should not be done if the login credentials are sensitive - they are likely to show up in the browser history.

Thursday, November 18, 2021
answered 2 Weeks ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :