Prevent calling top frame' native methods from an iframe

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Prevent calling top frame' native methods from an iframe

Postby ldamis » Tue Apr 24, 2018 9:48 am

Hi everybody.

I try to explain myself better that I can...

I've implemented some native functions in C++ that can be called by Javascript and I've registered them with CefRegisterExtension in CefRenderProcessHandler::OnWebKitInitialized() method.
My purpose is to avoid that these function being called by an iframe inside the top frame.

For example.
My function in Javascript is triggered calling MyNativeFunction()
With this code I'm able to call this function from an iframe:

Code: Select all
if(window.parent)
{
   if(window.parent.MyNativeFunction)
   {
      window.parent.MyNativeFunction();
   }
}


I've tried deleting parent object (window.parent) when CefRenderProcessHandler::OnContextCreated() is called from a frame that is not Main Frame (!frame->IsMain()) and it works.

The question is: is there any other solution to get this result without deleting parent object in iframe window object?

Thanks in advance for any suggestions.
Last edited by ldamis on Thu Apr 26, 2018 7:59 am, edited 1 time in total.
ldamis
Techie
 
Posts: 33
Joined: Fri Jan 19, 2018 3:36 am

Re: Prevent calling top frame' native methods from an iframe

Postby magreenblatt » Tue Apr 24, 2018 1:35 pm

Use OnContextCreated and bind your functions in only the frames you want. See https://bitbucket.org/chromiumembedded/ ... gration.md
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Prevent calling top frame' native methods from an iframe

Postby ldamis » Thu Apr 26, 2018 4:32 am

magreenblatt wrote:Use OnContextCreated and bind your functions in only the frames you want. See https://bitbucket.org/chromiumembedded/ ... gration.md


Thanks for the answer, but it does not solve my problem.
I tried, but my native function is still callable from the iframe, via parent object.

I finally solved via C++ implementation of my native function in CefV8Handler::Execute

Code: Select all
current_context = CefV8Context::GetCurrentContext();
frame = current_context->GetFrame();

if (frame->IsMain()) {
   // Execute function
}
else {
   //do nothing
}
ldamis
Techie
 
Posts: 33
Joined: Fri Jan 19, 2018 3:36 am

Re: Prevent calling top frame' native methods from an iframe

Postby magreenblatt » Thu Apr 26, 2018 4:56 am

If the frames don't need to script each other you can use iframe sandbox attributes to isolate them: https://www.w3schools.com/tags/att_iframe_sandbox.asp
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Prevent calling top frame' native methods from an iframe

Postby ldamis » Thu Apr 26, 2018 5:36 am

magreenblatt wrote:If the frames don't need to script each other you can use iframe sandbox attributes to isolate them: https://www.w3schools.com/tags/att_iframe_sandbox.asp


Thank you. This information is very useful (I admit that I didn't remember that :? ).
ldamis
Techie
 
Posts: 33
Joined: Fri Jan 19, 2018 3:36 am

Re: Prevent calling top frame' native methods from an iframe

Postby ldamis » Thu Apr 26, 2018 7:33 am

I think I will mantain my solution, because, in my specific case, I do not write the HTML and Javascript code of the pages that I need to render.
If I understand well, I need that all iframes inside the page I run, should have "sandbox" attribute.

Injecting "sandbox" attributes to all possible iframes inside my target page could be a little trickier than my solution (even if I can do that in Javascript and not in C++).
Obviously that is only my opinion...
ldamis
Techie
 
Posts: 33
Joined: Fri Jan 19, 2018 3:36 am


Return to Support Forum

Who is online

Users browsing this forum: No registered users and 28 guests