I am writing a set of controls in HTML & JS which I am using to extend the functionality of a site I use but do not control. I've loaded the site in an iframe to control it via the controls hosted on localhost. The page being loaded has its own scripts, which include a mechanism which climbs up the window tree until it's at the top window and attempts to run its subsequent code in that context, resulting in a message akin to "Permission denied [...] on cross-origin object".
I'm not clear on what I can do (if anything) in Firefox, Chrome et al to work around this. How would I trick the content I'm loading in the iframe into believing its whole world is only there in the frame, so that window.parent returns itself from the frame's context?
This is dangerous behavior, but, assuming you're set on the setup you've got now, probably the simplest thing to do is get to the topmost window in your nested page and then iterate back downward as long as some condition of the window doesn't match what you expect - e.g. window.location.host not being your app's typical host.
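The walk described in the answer above, as an added example that is not part of the original answer. Reading window.location.host on a cross-origin window throws, so the read is wrapped in try/catch. The names fakeWindow, hostOf and findAppRoot and the hosts localhost:8080 and app.example are assumptions, and the window objects are constructed stand-ins so the sketch runs outside a browser.

```javascript
// Constructed stand-in for a browser window. Reading `location` on a
// cross-origin window throws, as the same-origin policy makes it do.
function fakeWindow(host, parent, crossOrigin = false) {
  const win = {
    get location() {
      if (crossOrigin) {
        throw new Error('Permission denied to access property "location" on cross-origin object');
      }
      return { host };
    },
  };
  win.parent = parent || win; // a top-level window is its own parent
  return win;
}

// Host of a window, or null when the browser refuses the cross-origin read.
function hostOf(win) {
  try {
    return win.location.host;
  } catch (err) {
    return null;
  }
}

// Climb to the topmost window, remembering the path, then walk back down
// and return the first (outermost) window whose host is the expected one.
function findAppRoot(start, expectedHost) {
  const chain = [start];
  let current = start;
  while (current.parent !== current) {
    current = current.parent;
    chain.push(current);
  }
  for (let i = chain.length - 1; i >= 0; i--) {
    if (hostOf(chain[i]) === expectedHost) return chain[i];
  }
  return null; // no window in the chain belongs to the app
}

// Constructed hierarchy: a controls page on localhost frames the app,
// which nests one more frame of its own.
const controls = fakeWindow('localhost:8080', null, true);
const appOuter = fakeWindow('app.example', controls);
const appInner = fakeWindow('app.example', appOuter);
console.log(findAppRoot(appInner, 'app.example') === appOuter); // true
```

In a real page the same function would be called as findAppRoot(window, expectedHost) from the framed site's own script.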