恐怕您没有任何其他选择，无论如何插入iframe。要破解iframe***，您可以采用以下技术：

• 如果iframe被 X- Frames-Option：DENY ，只需使用 webRequest API删除标题 - 参见浏览Chrome扩展中的X-Frame-Options DENY？。



• 如果frame buster使用类似于/ b
  
  

    if（top！== self）{ 
   top.location.href = location.href; 
  } 
   

  然后通过设置 sandbox 属性：

  var frame = document.createElement（'iframe'）; 
 frame.sandbox ='allow-scripts'; 
 frame.src ='data：text / html，< script>'+ 
'if（top！== self）{top.location.href = location.href;}'+ 
'alert（（运行其余代码））;'+ 
'< / script>'; 
 document.body.appendChild（frame）; 
 

导航将被阻止，不会引发任何错误。但是，以下消息会记录到控制台：

不安全的JavaScript尝试启动带有URL的框架的导航（...页面...）'从URL'（...的框架URL）'。尝试顶层窗口导航的框架已经过沙盒处理，但'allow-top-navigation'标志没有设置。

>

这些方法始终有效，除非：

• 页面包含< meta http-equiv =X-Frame-Optionscontent =deny> 。


• 帧清除脚本实现为 if（top === self）{/ * run code * /}

在这些情况下，除了打开新选项卡，阅读其内容，然后关闭它之外，没有别的选择。请参阅 chrome.tabs.create 和 chrome.tabs.remove 。

Is there a way to load a page, hidden from the user?

I can't use an iframe in a background page, because the page has frame-busting techniques.

I can't use an XHR, because the page has AJAX - I need its (dynamically generated) DOM.

I'm afraid that you don't have any other option than inserting the iframe anyway. To bust the iframe buster, you can employ the following techniques:

• If the iframe is blocked by the X-Frames-Option: DENY, just remove the header using the webRequest API - see Getting around X-Frame-Options DENY in a Chrome extension?.

• If the frame buster uses something like

  if (top !== self) {
      top.location.href = location.href;
  }
  

  Then block the scripted navigation by set the sandbox attribute on the iframe:

  var frame = document.createElement('iframe');
  frame.sandbox = 'allow-scripts';
  frame.src = 'data:text/html,<script>' +
      'if (top !== self) { top.location.href = location.href;}' +
      'alert(" (runs the rest of the code) ");' + 
      '</script>';
  document.body.appendChild(frame);
  

  Navigation will be blocked without throwing any errors. The following message is logged to the console though:

  Unsafe JavaScript attempt to initiate navigation for frame with URL '(...URL of top page...)' from frame with URL '(....URL of frame..)'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.

These methods will always work, unless:

• The page contains <meta http-equiv="X-Frame-Options" content="deny">.
• The frame busting script is implemented as if (top === self) { /* run code*/ }

In these cases, you have no other option than opening a new tab, read its content, then close it. See chrome.tabs.create and chrome.tabs.remove.