Invoking JavaScript code in an iframe from the parent page

Invoking JavaScript code in an iframe from the parent page

Basically, I have an iframe embedded in a page and the iframe has some JavaScript routines I need to invoke from the parent page.
Now the opposite is quite simple as you only need to call parent.functionName(), but unfortunately, I need exactly the opposite of that.
Please note that my problem is not changing the source URL of the iframe, but invoking a function defined in the iframe.

Solutions/Answers:

Solution 1:

Assume your iFrame’s id is “targetFrame” and the function you want to call is targetFunction():

document.getElementById('targetFrame').contentWindow.targetFunction();

You can also access the frame using window.frames instead of document.getElementById.

// this option does not work in most of latest versions of chrome and Firefox
window.frames[0].frameElement.contentWindow.targetFunction(); 

Solution 2:

There are some quirks to be aware of here.

  1. HTMLIFrameElement.contentWindow is probably the easier way, but it’s not quite a standard property and some browsers don’t support it, mostly older ones. This is because the DOM Level 1 HTML standard has nothing to say about the window object.

  2. You can also try HTMLIFrameElement.contentDocument.defaultView, which a couple of older browsers allow but IE doesn’t. Even so, the standard doesn’t explicitly say that you get the window object back, for the same reason as (1), but you can pick up a few extra browser versions here if you care.

  3. window.frames['name'] returning the window is the oldest and hence most reliable interface. But you then have to use a name="..." attribute to be able to get a frame by name, which is slightly ugly/deprecated/transitional. (id="..." would be better but IE doesn’t like that.)

  4. window.frames[number] is also very reliable, but knowing the right index is the trick. You can get away with this eg. if you know you only have the one iframe on the page.

  5. It is entirely possible the child iframe hasn’t loaded yet, or something else went wrong to make it inaccessible. You may find it easier to reverse the flow of communications: that is, have the child iframe notify its window.parent script when it has finished loaded and is ready to be called back. By passing one of its own objects (eg. a callback function) to the parent script, that parent can then communicate directly with the script in the iframe without having to worry about what HTMLIFrameElement it is associated with.

Solution 3:

Calling a parent JS function from iframe is possible, but only when both the parent and the page loaded in the iframe are from same domain i.e. abc.com, and both are using same protocol i.e. both are either on http:// or https://.

The call will fail in below mentioned cases:

  1. Parent page and the iframe page are from different domain.
  2. They are using different protocols, one is on http:// and other is on https://.

Any workaround to this restriction would be extremely insecure.

For instance, imagine I registered the domain superwinningcontest.com and sent out links to people’s emails. When they loaded up the main page, I could hide a few iframes in there and read their Facebook feed, check recent Amazon or PayPal transactions, or–if they used a service that did not implement sufficient security–transfer money out of their accounts. That’s why JavaScript is limited to same-domain and same-protocol.

Solution 4:

In the IFRAME, make your function public to the window object:

window.myFunction = function(args) {
   doStuff();
}

For access from the parent page, use this:

var iframe = document.getElementById("iframeId");
iframe.contentWindow.myFunction(args);

Solution 5:

If the iFrame and the containing document is on a different domain, the methods previously posted might not work, but there is a solution:

For example, if document A contains an iframe element that contains document B, and script in document A calls postMessage() on the Window object of document B, then a message event will be fired on that object, marked as originating from the Window of document A. The script in document A might look like:

var o = document.getElementsByTagName('iframe')[0];
o.contentWindow.postMessage('Hello world', 'http://b.example.org/');

To register an event handler for incoming events, the script would use addEventListener() (or similar mechanisms). For example, the script in document B might look like:

window.addEventListener('message', receiver, false);
function receiver(e) {
  if (e.origin == 'http://example.com') {
    if (e.data == 'Hello world') {
      e.source.postMessage('Hello', e.origin);
    } else {
      alert(e.data);
    }
  }
}

This script first checks the domain is the expected domain, and then looks at the message, which it either displays to the user, or responds to by sending a message back to the document which sent the message in the first place.

via http://dev.w3.org/html5/postmsg/#web-messaging

Solution 6:

Just for the record, I’ve ran into the same issue today but this time the page was embedded in an object, not an iframe (since it was an XHTML 1.1 document). Here’s how it works with objects:

document
  .getElementById('targetFrame')
  .contentDocument
  .defaultView
  .targetFunction();

(sorry for the ugly line breaks, didn’t fit in a single line)