GitHub

iframe 與 window.open 黑魔法

是的,iframe 的 src 可以放 javascript: 開頭的這種格式,就可以直接執行 JavaScript 程式碼,達成 XSS。 順帶一提, <form> 的 action 跟 <a> 的 href 也都可以放,這個我在 接觸資安才發現我不懂前端 有稍微提到。
Houston Chronicle

JavaScript Cannot Get Elements From an iFrame

Retrieving elements from an iFrame can be complicated process due to cross-browser incompatibility. While one method might work for a user accessing your site with Internet Explorer, it may not work ...
GitHub

NorthDevelopers/North-Vue-iFrame-JS-SDK

This is a JavaScript application that uses the Vue framework and Node.js to demonstrate an embedded payment solution with North's iFrame JavaScript SDK. The full-stack code in this repository adds a ...