I load an iframe with src = "" on user's site to extract native constants such as Objects, Array etc. But I don't want anyone(specifically the user on whose website i am loading the iframe) to modify my src to prevent cross-site errors. I did some research and I was able to prevent src from being modified by -
Object.defineProperty(iframeElement,'src', {
writable: false
});
But the problem is user can still modify using .
iframeElement.setAttribute('src', value)
How to prevent someone from modifying through calling methods?
