Can you turn off XSS protection in IE7 so that the intranet can know the contents of external IFRAMEs?


TL;DR: Is it possible to disable XSS protection in Internet Explorer in a controlled environment so that I can manipulate the DOM inside IFRAMEs?


I am creating a kiosk for the public computers in our reception area, which allows our users to browse our website, as well as several other sites related to the local government (which help in planning, creating licenses, etc.).

The kiosk application itself consists of a menu at the top and an iframe at the bottom. The intention is that the menu is always there and allows users to select another site, log out, print, etc. That is why the sites they are viewing are displayed in an iframe.

Some of these websites (ours included *) make PDF files and external links open in a new browser window. Obviously, this will break the "kiosk". I want to know whether there is a way I can get around the XSS protection that prevents you from changing the IFRAME's DOM, so that I can make these windows open in the current IFRAME.

Please understand that I do not want to “block” pop-ups; I just want to have a greater degree of control over the behavior of the browsing session.

Also note: this application is designed to work in a well-known environment in which we are in full control (i.e. it is not meant to work in the wild). Therefore, any suggestions that require plug-ins, registry hacks or third-party applications are A-OKAY :)

* , , , ,

+3
2

, , . HTML- (HTA). IFRAMES, , , , , , .. , - .

http://msdn.microsoft.com/en-us/library/ms536496%28VS.85%29.aspx

+2

IE, , .

IE > >

" XSS" " ". .

+4

Source: https://habr.com/ru/post/1756501/

