I am trying to create an ad which throws a lightbox, but the ad itself is going to be placed either inside an iframe and/or injected to the site (not the same domain). Some sites will have it inside an iframe and some just on the site as is. I will not have control over the site where the ad is going to be placed.
I know I can use postMessage() to send data from within the iframe and do commands on the parent window with the received data, but I can't place any code on the parent window. Is there a universal solution that works in both scenarios? I want to push some contents to the parent window.
This code does exactly what I am asking, but I don't know how it's doing it:
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=17085731&PluID=0&w=1&h=1&ord=[timestamp]&ucm=true&ncu=$$%c$$"></script>
<noscript>
<a href="%chttp%3A//bs.serving-sys.com/BurstingPipe/adServer.bs%3Fcn%3Dbrd%26FlightID%3D17085731%26Page%3D%26PluID%3D0%26Pos%3D67849382" target="_blank"><img src="%%VIEW_URL_ESC%%.http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=17085731&Page=&PluID=0&Pos=67849382" border=0 width=1 height=1></a>
</noscript>
If the code is inside a frame/iframe and you do not have access to the parent frame/window, and the parent frame/window has no API set up via postMessage() to load a pop-over/lightbox, then the answer is no.
The only time you could do this is when a friendly iFrame (same domain as the parent frame/window) is used or a workaround is done to allow access to the parent frame/window. Note that even if this is done and you access and alter the parent, you may anger the publisher or owner of the site the frame is on if they are not expecting what you are trying to add, or if you intentionally or unintentionally alter their site or stylesheet in any way or inject scripts that may be malicious. If you do that repeatedly, you may also get banned by any networks you are sending your ads through.
If SafeFrame is used, you will not be able to do that. SafeFrame is designed to prevent advertisers from altering the top-level window/frame. It provides an API to expand the ad if it is an expandable ad type, but there is no popover in the SafeFrame API.
If you wish to test if you have access to the parent/top frame/window you can try:
For top frame/window:
try { window.top.location.href } catch(e) {
// Exception was thrown meaning you do not have access to the top window/frame!
}
For parent (may not be the top-most) frame/window:
try { window.parent.location.href } catch(e) {
// Exception was thrown meaning you do not have access to the parent window/frame!
}
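The cases described in the answer above (injected directly, friendly iframe, cross-origin iframe, SafeFrame) folded into one check, as an added example that is not part of the original answer. The names classifyFrameContext, canRead and blockedWindow are hypothetical, and the SafeFrame test assumes the guest API is exposed inside the frame as $sf.ext.

```javascript
// Added example: classify how much of the surrounding page ad code can reach.
// `win` is a parameter so the logic can be exercised with mock objects.

// True when `target` is same-origin; a cross-origin read throws SecurityError.
function canRead(target) {
  try {
    return typeof target.location.href === "string";
  } catch (e) {
    return false;
  }
}

function classifyFrameContext(win) {
  const framed = win.top !== win;
  // Assumption: the SafeFrame guest API is exposed inside the frame as $sf.ext.
  const safeFrame = Boolean(win.$sf && win.$sf.ext);
  const parentReadable = framed && canRead(win.parent);
  const topReadable = framed && canRead(win.top);

  let kind;
  if (!framed) kind = "top-level";                   // injected straight into the page
  else if (safeFrame) kind = "safeframe";            // only the SafeFrame API is available
  else if (topReadable) kind = "friendly-iframe";    // same origin as the top window
  else if (parentReadable) kind = "nested-friendly"; // parent readable, top is not
  else kind = "cross-origin-iframe";                 // no access without publisher code

  // Direct DOM access to the publisher page exists only when the script is
  // not framed, or sits in a friendly iframe outside SafeFrame.
  const canRenderInPage = !framed || (topReadable && !safeFrame);
  return { kind, framed, safeFrame, parentReadable, topReadable, canRenderInPage };
}

// Constructed stand-in for a cross-origin window: any location read throws.
function blockedWindow() {
  return { get location() { throw new Error("SecurityError (constructed)"); } };
}

// In a browser, report the context of the current window.
if (typeof window !== "undefined") {
  console.log(classifyFrameContext(window));
}
```

An iframe sandboxed without allow-same-origin gets an opaque origin, so it reports cross-origin-iframe even when it is served from the publisher's own domain.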