Share via

Accessing Frames in the Managed HTML Document Object Model

  • Article

Some HTML documents are composed out of frames, or windows that can hold their own distinct HTML documents. Using frames makes it easy to create HTML pages in which one or more pieces of the page remain static, such as a navigation bar, while other frames constantly change their content.

HTML authors can create frames in one of two ways:

  • Using the FRAMESET and FRAME tags, which create fixed windows.

-or-

  • Using the IFRAME tag, which creates a floating window that can be repositioned at run time.

  1. Because frames contain HTML documents, they are represented in the Document Object Model (DOM) as both window elements and frame elements.

  2. When you access a FRAME or IFRAME tag by using the Frames collection of HtmlWindow, you are retrieving the window element corresponding to the frame. This represents all of the frame's dynamic properties, such as its current URL, document, and size.

  3. When you access a FRAME or IFRAME tag by using the WindowFrameElement property of HtmlWindow, the Children collection, or methods such as GetElementsByName or GetElementById, you are retrieving the frame element. This represents the static properties of the frame, including the URL specified in the original HTML file.

Frames and Security

Access to frames is complicated by the fact that the managed HTML DOM implements a security measure known as cross-frame scripting security. If a document contains a FRAMESET with two or more FRAMEs in different domains, these FRAMEs cannot interact with one another. In other words, a FRAME that displays content from your Web site cannot access information in a FRAME that hosts a third-party site such as http://www.adatum.com/. This security is implemented at the level of the HtmlWindow class. You can obtain general information about a FRAME hosting another Web site, such as its URL, but you will be unable to access its Document or change the size or location of its hosting FRAME or IFRAME.

This rule also applies to windows that you open using the Open and OpenNew methods. If the window you open is in a different domain from the page hosted in the WebBrowser control, you will not be able to move that window or examine its contents. These restrictions are also enforced if you use the WebBrowser control to display a Web site that is different from the Web site used to deploy your Windows Forms-based application. If you use ClickOnce deployment technology to install your application from Web site A, and you use the WebBrowser to display Web site B, you will not be able to access Web site B's data.

For more information about cross-site scripting, see About Cross-Frame Scripting and Security (https://msdn.microsoft.com/library/default.asp?url=/workshop/author/om/xframe\_scripting\_security.asp).

See Also

Other Resources

Using the Managed HTML Document Object Model
FRAME Element | frame Object