Okay...I'm completely confused.

My client has a web application that he subscribes to that is IP sensitive...in otherwords, will only logon from his office.

He wants me to screen-scrape data out of that application and put it in a database for him.

The approach I was thinking about was using Javascript to do the logon, navigation to the data ladden page and scraping from a hidden (or not hidden) IFRAME. I'm happy to use a child window if that works. The catch is it has to be client side since it has to be from a specific machine (not a server outside the domain).

Step 1: Open remote URL in IFRAME
Step 2: Change the form elements for ID & PW in the IFRAME
Step 3: Submit the IFRAME logon form & wait for reponse
Step 4: Click on a specific link on the returned page (gets the report parms)
Step 5: Enter a single data field (in this case SSN) & submit the new form
Step 6: Screen scrape all of the resulting HTML (it is a report)

The problem I'm having is that I can't manipulate the DOM beyond the IFRAME element. In otherwords, the content inside the IFRAME from the datasource simply can not be found or interacted with.

I have a feeling this has something to do with Cross-Site scripting and IE 7's attempt to cut down on phishing.

My test code works well if the main window and the sub-window are from the same domain...but once the sub-sindows content (via src='') is from a different domain, nothing.

IDEAS PLEASE!!!

Is there something I can do to the browser settings to work around this?
Is there a different browser that doesn't have this limitations?
Is there a different approach such as using child windows?

SAMPLE:

If the SRC is the same domain as the sample code...it works.

<html>
<head>
<script language="javascript">
function getinfo() {
//Gets object reference of the IFRAME so I can work with it
myiframe = window.parent.top.document.getElementById("myifram e");
alert ("Iframe Object:"+myiframe);
//Show src of iframe
alert ("Ifram SRC:"+myiframe.src);
//Will show the value of the first field in the first form
alert (myiframe.document.forms[0].elements[0].value);
}
</script>
</head>
<body>
<a href="#" onclick="getinfo()">Show IFRAME Info</a>
<br><br>
<iframe src="http://www.msn.com" width="700" height="400" id="myiframe"></iframe>
</body>
</html>

As far as I know, you will bump in this issue with any browser, because what you seek to achieve is prohibited by every browser used today, to prevent keylogger and pishing risks.

There is just 1 thing I'm not sure I have understood (I'm not a native English speaker), do you need to save the HTML of every pages of the site, or do you need something else.
If you need to save the HTML locally, you can try to look upon httracks.
It records every pages that the browser can reach locally (or mirror them, if you preffer) and you would have the desired effect.
There is a Firefox plugin available, so if you login from firefox, and try to mirror the site from the same session, it should not bother upon the login.

Or you could do the same using PHP and CURL, but this would be a lot of work, to get it working on every pages...

I was afraid someone was going to say that. ARGH!!

I didn't want to use CURL and PHP because it means I would have to install a server in their intranet (so the IP addressing will work).

The problem is I'm trying to automate the collection of the data frm the other site rather than just keep a cache. But in general, yes...once I get to the target page I want to get a copy of the entire HTML source and parse it for the data I need to extract...though I don't need images, scripts or anything else on that site.

Any other ideas? Like using CURL & PHP remotely in combination with AJAX/JS? Or maybe I have to write my own ActiveX Control?

You can install a windows php package (like xampp) and run a php script from your client computer. It's not that heavy...
But sorry, I don't have no idea how to make it from a pure browser side...