Special cases when using <iframe>
Compare the three cases below by examining each of their window.location.origin and window.origin .
<iframe src="data:text/html, <script>alert(window.location.origin);alert(window.origin);</script>"></iframe>
<iframe srcdoc="<script>alert(window.location.origin);alert(window.origin)</script>"></iframe>
<iframe srcdoc="about:blank" sandbox"></iframe>
You will notice that it is possible for window.origin and window.location.origin to be null. In some cases, one could be null while the other can be a valid value.
window.origin is also set to null when it you are accessing from a local file, e.g file://file_path
Be First to Comment