elfs: (Default)
[personal profile] elfs
I have achieved EVIL! EVIL, I tell you! I have successfully created a cross-domain communications channel between a page and a contained iframe even when the domains are not cooperating!

The trick involves JavaScript injection into the host (in the sense of "parasite and host") browser frame using a bookmarklet, which then starts running a tight-loop timer that watches the ANCHOR portion of the URL.

The parasite frame can then manipulate the ANCHOR portion of the URL, to which it has access with its initialized document.referrer. As it does so, the infected host frame checks the ANCHOR every 10 milliseconds, then changes the ANCHOR back (to hide its activities) and uses that change as an ACK to the parasite, which can then send another message.

Using prefix codes, the infected host and parasite browser frames can communicate with each other. Depending upon the length of the URL, you have about a half-kilobyte of bandwidth: not much, it seems, but more than enough for a URL, a title, and maybe some metadata.

I'll hack up an example and post it to the technical blog sometime soon.

Wheee!
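
The handshake described above, as an added simulation that is not the author's code: a plain object stands in for the host URL, so it runs in Node without a browser. The "m"/"e" chunk tags, the 500-character chunk size and all function names are assumptions made for illustration; the post only says "prefix codes" and "about a half-kilobyte".

```javascript
// Simulation of the fragment ("anchor") channel between two frames.
// Assumed framing (hypothetical): "#m<data>" = more chunks follow, "#e<data>" = last chunk.
const IDLE = "";   // fragment value the host restores; the reset doubles as the ACK
const CHUNK = 500; // roughly half a kilobyte per fragment, per the post

function makeLocation() { return { hash: IDLE }; } // stands in for the host frame's URL

// Parasite side: write one chunk, then wait until the host has reset the fragment.
function makeSender(loc, message) {
  const enc = encodeURIComponent(message);
  const chunks = [];
  for (let i = 0; i < enc.length; i += CHUNK) chunks.push(enc.slice(i, i + CHUNK));
  if (chunks.length === 0) chunks.push(""); // an empty message still needs one frame
  let next = 0;
  return {
    done: () => next === chunks.length && loc.hash === IDLE,
    tick() {
      if (loc.hash !== IDLE || next === chunks.length) return; // previous chunk not ACKed
      const tag = next === chunks.length - 1 ? "e" : "m";
      loc.hash = "#" + tag + chunks[next++];
    },
  };
}

// Host side: the polling loop the post runs every 10 ms, here driven one step at a time.
function makeReceiver(loc) {
  let buffer = "";
  const messages = [];
  return {
    messages,
    tick() {
      if (loc.hash === IDLE) return;
      const tag = loc.hash[1];
      buffer += loc.hash.slice(2);
      loc.hash = IDLE; // restore the anchor: hides the data and signals the ACK
      if (tag === "e") { // decode only once whole, since a chunk may split a %XX escape
        messages.push(decodeURIComponent(buffer));
        buffer = "";
      }
    },
  };
}

// Run both sides in lockstep and report what arrived and how many poll cycles it took.
function transfer(message) {
  const loc = makeLocation();
  const tx = makeSender(loc, message);
  const rx = makeReceiver(loc);
  let ticks = 0;
  while (!tx.done()) { tx.tick(); rx.tick(); ticks++; }
  return { received: rx.messages[0], ticks };
}
```

Each chunk costs one fragment write by the sender and one reset by the receiver, so a page that sees its own fragment repeatedly set and cleared within a poll interval is observing this handshake.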

Date: 2010-01-05 06:26 am (UTC)
From: [identity profile] ionotter.livejournal.com
How well does it fare against NoScript?

Profile

Elf Sternberg

Page generated Jan. 3rd, 2026 04:34 am