function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Cory CowgillCory Cowgill 

Visualforce Page - IFrame - Access DOM via Javascript - XSS Prevents - Any Workarounds?

I know this may be impossible due to XSS, but I'm curious if anyone has found a creative way around this type of issue.

 

 I have a requirement from the user. They want to be able to display some rather complicated reports on the dashboard.

 

The report cannot be used as a dataset to any of the standard Dashboard components due to complexity/limits (too many columns, etc). I know this goes against the true purpose of a Dashboard in that its not intended to be a full blown detail view, but user is insistent on this.

 

So I spent  5 minutes building a quick Visualforce Page, sticking a quick IFrame tag inside pointing to the report, and tried whipping up some quick and dirty JS to remove the header section from the Report Page. Obviously this won't work due to XSS and will throw an 'Access is Denied' error on the JS.

 

Has anyone come up with a solution to view report content only in a Visualforce Page? I tried the above approach, as well as passing some URL Parameters to the report page but so far not quite what I want. Ideally I need  a way to display the printable view of the report or just the report content DIV section in a VF Page.

 

Any ideas, feedback, or crazy off the wall suggestions are appreciated. Just need to make sure I get the due diligence done here.

 

------ VF PAGE CODE WHICH WILL NEVER WORK DUE TO XSS -----------

<apex:page sidebar="false" showHeader="false"> <iframe id="iFrame123XYZ" src="/XXXREPORTIDXXX"> </iframe> <script> function addLoadEvent(func) { var oldonload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function() { if (oldonload) { oldonload(); } func(); } } } addLoadEvent(btnHideHeader); function btnHideHeader() { window.setTimeout(hdrHide,100); } function hdrHide() { window.frames[0].document.getElementById('AppBodyHeader').style.display="none"; } </script> </apex:page>

 

 

GoForceGoGoForceGo

Did you ever get this to work...I am hoping I can build a dashboard with reports in iframe and strip the header.

 

I know you built the customer portal dashboards based upon Google Charts...but salesforce standard reports would be nicer...