Iframe content is a text not html code

Question

I have a problem with iframe. I added HTML code (string - I get that code from DB) in the <body> of iframe but I can't see that code as HTML, its just a string.

document.getElementById("iframe_with_content").ready(function() {
        (document.getElementById("iframe_with_content").contentWindow.document).write("<%= post.text %>");
        (document.getElementById("iframe_with_content").contentWindow.document).close();
});

score 2 · Answer 1 · answered Sep 17 '17 at 16:28

Include jQuery to your page, and

var data = $('<textarea />').html("<%= post.text %>").text();
document.getElementById("iframe_with_content").ready(function() {
        (document.getElementById("iframe_with_content").contentWindow.document).write(data);
        (document.getElementById("iframe_with_content").contentWindow.document).close();
});

Explanation: your data provided by <%= post.text %> was actually html-entity-encoded. So actually you've got something like sadasds<i>dasd....

Thank you so much! Tried a lot of things but only this one worked for me — Murat Colyaran, Oct 04 '21 at 18:13

score 0 · Answer 2 · answered Sep 17 '17 at 16:30

0

This can occur because of html escaping done by ejs try and check to see whether this works:

<%- post.text %>

Refer : How to escape HTML in node.js EJS view?

WARNING: Be careful using these functions please check XSS attacks

answered Sep 17 '17 at 16:30

Madhav Chaturvedi

573
5
14

Iframe content is a text not html code

2 Answers2