Using Iframe we can embed webpages of another domain provided the X-Frame-Options isn't set to SAMEORIGIN. This also loads the cookie inside the iframe.
Now, one can access this cookie if it's in the iframe box using document.cookie. I wanted to ask if it's possible to send this cookie by mailing this to oneself (by writing a script inside the iframe tag).
My Opinion:
This is possible if we can write the script tag inside the iframe tag in the web-page. But it doesn't seem to work in my case.
We can also insert a script dynamically inside the iframe. I wanted to know if it's possible or not.
I think it might not work since the iframe loaded might overwrite all the content inside the iframe tag and the script tag might not work.
If this is the case then why there is a iframe closing tag at all. Can't it be only: iframe src="https://abc.def.com" tag to define iframes?