Here a version that works for cross origin requests. <iframe hidden name=xhtmz o... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

h43z on Feb 19, 2024 | parent | context | favorite | on: Show HN: htmz – a low power tool for HTML

Here a version that works for cross origin requests.

  <iframe hidden name=xhtmz onload="onmessage=x=>document.querySelector(x.data.target).innerHTML=x.data.content"></iframe>

but website you are requesting has to embed the below script tag.

  <u id=t>just some other text</u>
  
  <script>
  parent.postMessage({
    target:location.hash,
    content:b.outerHTML
  },'*')
  </script>

You would still set the DOM destination on the main page.

  <a href="https://xorigin.com#view" target=xhtmz>dog</a>
  <div id=view></div>

chatmasta on Feb 19, 2024 [–]

Careful with that snippet, targetOrigin of * is dangerous. I could embed your iframed content on my own site and then you'd happily send me the entire HTML inside the iframe.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact