Tell me about HTML/JavaScript iframe tags.
■What you want to do
I want to get html from iframe, but
I don't want you to retrieve the contents of the html (css or images).
■Detailed image
①
iframe
<iframe src="http://example.com/sample.html"></iframe>
↓
②
A web browser throws a GET request to http://example.com/sample.html
and
Reply back
↓
③
Load the response returned by the web browser into the DOM tree
↓
④
Web browser retrieves css and images from http://example.com/sample.html
Let me implement (1) and (2)
③
by interrupting the process before and after the .
④I don't want to be implemented.
■ Questions
What HTML/JavaScript implementation is required to achieve the above?
Please let me know.
■ I think
③
by triggering an event when
④Is it possible to disable ?I looked it up and found out that
There was an event called "DOMContentLoaded" after the DOM load was completed.
Can I use it well?
Also, by dynamically issuing tags, etc.,
I'm wondering if I can disable the acquired html.
Can I use it well?
Also, it catches all HTTP requests that occur in the browser and
I'm wondering if I can block the HTTP requests for css and images listed in http://example.com/sample.html
.
No other means are required.
Please let me know just a hint of how it can be realized.
DOMContentLoaded does not wait for external resources to load in the first place, not before they start loading external resources.In fact, when I made a breakpoint on DOMContentLoaded, some requests were already flying.
Also, to use the DOMContentLoaded event, you need to access the Document object, which is created in the middle of loading iframe.There is no event related to this, so you can monitor it with the timer and set the event as soon as it is created.
I waited for the head element to be created without using DOMContentLoaded to monitor the timer anyway, but it still seems that the resources are loaded...
By default, Javascript cannot do anything about the browser's communication capabilities.It's not only dangerous to intercept communications, but it can't just be blocked.
You can block resources from different origin using the sandbox attribute of the iframe element, but you cannot restrict the same origin.
On a page-by-page basis, Content Security Policy allows page authors to prevent unintended resource loading and execution.You can use HTTP headers and meta tags to whitelist, but This meta tag works even if you insert it in Javascript, but you must insert it before it starts loading.
The same goes for replacing the URL of an external resource with a dummy one through the DOM of iframe.However, if you don't want to see the communication even if it happens, you may be able to use this method.
You also need to have the same origin or CORS configuration in order to access the iframe DOM either by inserting a meta tag for CSP or removing external resources, so it would be easier to obtain only HTML from XMLHttpRequest if that condition is met.
The rest should be combined with a server-side program.
Instead of writing the URL directly on the iframe src, why don't you use JavaScript to get the source of http://example.com/sample.html
, remove the elements (link, src script, iframe, img) that communicate asynchronously, and then write them into the iframe?I think it's okay to erase only attributes such as src, not elements themselves.
© 2024 OneMinuteCode. All rights reserved.