Node.JS Checking for iframes

malc_b

Coder
I have some stuff I'm working on using node, express and ejs. It's ticking along alright. The basic premise is that the routes for pages all include certain navigation elements with the story element in the middle section. What I'm trying to do now is to let that middle section be loaded into an iframe on someone else's site without any of the nav stuff. My idea was to have the express code check if the request for the route is from a user (either by directly accessing the page or via a link from the navigation section) or from any other site by way of iframe. Is there a way to do this without adding extra to the link from the external iframe? TIA
 
Hi there @malc_b

If I may ask, what is the purpose for this? Is there a particular reason why you would need to load said pages onto someone else's site? Asking because this opens up the external site for potential security vulnerabilities.
 
Tbh it was just an idea that came to me in terms of being able to load the content to another site (perhaps to another version of my own or perhaps another). The content window on the remote site would just be a frame with the source page displayed. The source page itself is partly ejs template and some js to perform a calculation, without any saving or similar. If you think there are security issues could you perhaps identify some examples for me as I'm a little naive on that front.
 
Right off the bat, I can tell you if you would like to add your content on someone else's site, you would definitely need to reach out to the site owner(s) and/or developers in order to get their permission to do so. As far as security vulnerabilities are concerned, that would technically be an HTML injection attack. You would be injecting your own html onto the iframe of someone else's site. If you are adding any scripts onto that html, then that would be a Cross Site Scripting (XSS) attack. Again, these are just two vulnerabilities that I can see right off the bat without seeing any code. As I mentioned before, your best bet is to reach out to the site owner/devs and get permission to either have you provide the content you would like to see on there, and they add it in, or provide them with an api endpoint that will provide the content.
 
I see where you are coming from with that but I may have been a little less than clear. It wasn't to try and add my own stuff to someone's site without permission but to allow them to use the content from mine on their own via the frame.
As for the XSS, I came up against that nightmare while trying to split the template layouts for the content from the calculations that were initially held on another domain. Most of the stuff I've seen on APIs is mainly geared at returning or adding records to a database or similar. The API I designed was to return an object of a big stack of variables. Is there a way to return the html and js of a webpage via an API (I couldn't even visualize the idea tbh!)
 
Here's something to get you started on that :)
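
Added example, not written by any poster in this thread: one way an Express route can tell a framed request from a top-level one without changing the iframe URL, using the browser's `Sec-Fetch-Dest` request header, while a `frame-ancestors` policy limits which sites may embed the page. The origin list, function names and template names are assumptions made for illustration.

```javascript
// Added example; all names (ALLOWED_EMBEDDERS, embedMode, template names) are hypothetical.
// Origins allowed to frame the story pages (constructed sample value).
const ALLOWED_EMBEDDERS = ['https://partner.example'];

// Browsers implementing Fetch Metadata send "Sec-Fetch-Dest: iframe" when a
// navigation fills an <iframe> and "document" for a top-level page load.
// Clients that omit the header are treated as top-level.
function isFramedRequest(headers) {
  const dest = String(headers['sec-fetch-dest'] || '').toLowerCase();
  return dest === 'iframe' || dest === 'frame';
}

// Build a CSP that lets only this site and the listed origins embed the page.
// Each entry must be a bare https origin so nothing else can leak into the header.
function framePolicy(origins) {
  const clean = origins.map((o) => {
    let url;
    try { url = new URL(o); } catch { throw new Error(`not a URL: ${o}`); }
    if (url.protocol !== 'https:' || url.origin !== o) {
      throw new Error(`not a bare https origin: ${o}`);
    }
    return o;
  });
  return ["frame-ancestors 'self'", ...clean].join(' ');
}

// Express-style middleware: (req, res, next). The header only picks a layout;
// any client can send it, so it must never gate access to anything.
function embedMode(req, res, next) {
  res.locals.embedded = isFramedRequest(req.headers);
  res.setHeader('Vary', 'Sec-Fetch-Dest'); // caches must not mix the two layouts
  res.setHeader('Content-Security-Policy', framePolicy(ALLOWED_EMBEDDERS));
  next();
}

// Route wiring, assuming an Express app and two EJS templates:
// app.get('/story/:id', embedMode, (req, res) =>
//   res.render(res.locals.embedded ? 'story-bare' : 'story-full'));
```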
 
