4

I am trying to access the body of the document from an iframe. I the body I want to get the src value of another iframe.

<iframe src="https://putstream.com/movie/oblivion?watching=RaHP6KwPJ8prB0MfMlhJiYYwW" allowfullscreen="true" webkitallowfullscreen="true" mozallowfullscreen="true" style="height: 820.5px;"> 
#document
    <html lang="en">
        <head><style class="vjs-styles-defaults">
        </head>

        <body>
            <iframe id="openloadIframe" allowfullscreen="" webkitallowfullscreen="true" mozallowfullscreen="true" style="width:100%;height:100%;" src="https://openload.co/embed/bbhP94t0548"></iframe>   
        </body>
    </html>

My Attempts:

var oiframe = document.getElementsByTagName('iframe')[1];       //accessing the first iframe
var sif = oiframe.getElementById('openloadIframe').src; //getting the actual content 
var ifc = oiframe.contentWindow.getElementById('openloadIframe').src;   //at this point I just tried to get it working
var ifhtml = oiframe.contentWindow.document.body.innerHTML.getElementById('openloadIframe').src;

None of these work and I found nothing else how I could access the content of #document.

Morpheus0x
  • 41
  • 4
  • See [this answer](https://stackoverflow.com/a/4733708/3091398). This may help you. – CodeIt Jun 25 '17 at 11:55
  • None of this will work if the first iframe is not on same domain as your page. The *same origin policy* restricts access for security reasons – charlietfl Jun 25 '17 at 11:58
  • @charlietfl Does the src value indicate if an iframe is on another domain? – Morpheus0x Jun 25 '17 at 12:45
  • @CodeIt This also doesnt work: `var oiframe = document.getElementsByTagName('iframe')[1];` `var ifhtml = parent.oiframe.contentWindow.document.body.innerHTML.getElementById('openloadIframe').src;` or am I getting something wrong? – Morpheus0x Jun 25 '17 at 12:46
  • Is the page you include the iframe in on `https://putstream.com`? If it is not you can't get inside that iframe – charlietfl Jun 25 '17 at 13:19
  • @charlietfl No, the origin website of this HTML code is `https://putlocker9.is/`. Is it possible to bypass the same origin policy? Clearly someone must have thought about this, so I dont think it's easy. How does it protect the HTML code from another Website? I mean it couldn't be that hard to "lookup" the HTML from a linked website – Morpheus0x Jun 25 '17 at 15:23

0 Answers0