JavaScript Snippet - Query For Accessible IFRAMEs

Posted at

IFRAMEs with SRC attribute such as about:blank or javascript:true are called orgin-free IFRAMEs,
IFRAMEs whom which loads a page, which enables the CORS headers, are called origin-permissive.

Both kinds allow accessing the internal document element from another domain (such as the main-page),
If you ever wonder how to get a list of those documents from your-own page, the easy answer is you have to try and it out figure-out later.

This snippet tries (silently) to access the document of every IFRAME it finds under the input-window object,
and returns a list of those where it manage to do so, successfully.

function get_document(win){
var doc = null;
try{
doc = win.document || win.contentDocument || win.contentWindow.document; /* try access reference of document */
}catch(err){}
return doc;
}

function get_accessible_iframes(win){
win = "undefined" === typeof win ? self : win; /* normalize input */

return win.document.querySelectorAll("iframe").filter(function(iframe){
return null !== get_document(iframe);
});
}

/*
get_accessible_iframes(); // same as 'get_accessible_iframes(self);'
get_accessible_iframes(top);
*/


also available in this here: https://gist.github.com/eladkarako/2e2450fe6b2b01b3263f342519f5cd87