aspose file tools*
The moose likes HTML, CSS and JavaScript and the fly likes Capturing info. inside iframe Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "Capturing info. inside iframe" Watch "Capturing info. inside iframe" New topic
Author

Capturing info. inside iframe

Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
Hi,

I have deployed a webapplication 'CaptureIframe' on Tomcat 6. Inside that application, I have a page capture.jsp which opens an iframe with user selected sites.

For example -

There will be list box on capture.jsp containing 'n number of' sites like {google.com, yahoo.com etc.}.

On selection of google.com, iframe on capture.jsp will open google.com.

now is it possible to track what the user has done on google.com either thorugh javascript or tomcat sever logs ?

Thanks,
Neeraj.

Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
I don't think there is. The page in the iframe is independent from yours, you can neither manipulate it's content nor monitor it.


JDBCSupport - An easy to use, light-weight JDBC framework -
Sean Clark
Rancher

Joined: Jul 15, 2009
Posts: 377

Hey,

No you can't do that, I think it is a cross-domain security precaution.

Stops people from spoofing sites (such as a bank login) and then reading the data from the page or my login details as I typed them in.


I love this place!
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
I think it's possible. maybe through caching of webcontent or javascript key/mouse events.

I think every request is routed and cached inside the proxy web server before reaching the app server {but not sure}


Few years back I was working on a production support project. I was asked to fix this problem where my web application was getting opened inside iframe of different domain application. Information typed inside the iframe was getting logged inside the third party website. It was revealed during security testing.

I put a javascript code inside header jsp to breakout of iframe, if my application was opening inside an iframe.I was able to found several scripts on google for detecting and iframe and breaking out of it.

Earlier I did not bother to ask, how the information was getting logged

Neeraj
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
till now able to find out scripts for breaking out of <iframe>, but unable to find the reason why do people need to break out of iframe if there is no security concern from it

any pointers will be a great help.
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9317
    
  17

Doesn't look like a Servlet problem to me. I'll move it to the HTML and Javascripts forum.


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
Why would people want to break out of frames?

Would you want your site to look like it is part of someone else's site?


There is no way to track the user's actions in another domain with JavaScript. Your email and bank account are happy that is the case.

Eric

Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
This might work in case we want to cache through proxy server

http://www.ibm.com/developerworks/websphere/library/techarticles/0512_guminy/0512_guminy.html


I found few javascripts samlpe scripts on google, which can capture key and mouese events using javascript inside iframe, even if iframe website is from a different domain. But those sample were claiming to be working in few browsers only.

Regards,
Neeraj.
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
If you remove all of the security from your browser adn become a hackers dream, you can monitor anything you want in the iframe.

If you proxy everything, the pages may not work like they are supposed too.

Eric
 
 
subject: Capturing info. inside iframe