A
Andy Fish
Hi,
I have a situation where I want a customer to be able to embed my
functionality within their web site, a bit like a counter but more complex
because my functionality consists of several separate frames.
The idea is that the customer will set up several iframes embedded in their
web site, all pointing to the same server on which I'm hosting the service
(slightly different URLS). When the user clicks on one of my iframes, some
javascript happens which changes the view in all of my iframes (i.e.
navigates them to different URLs).
I found that by including a javascript file in the main window, this can be
called from one of the iframes and can manipulate the other iframes.
However, if the iframe the user clicks in is hosted on a different server
from the one owning the javascript, it cannot execute it. This will clearly
be the case in my scenario. Javascript running in one iframe cannot access a
different separate iframe even if it is on the same server.
I guess this is to prevent XSS attacks. In this case, I don't want to update
anything in the customer's window, but I want to be able to "own" several
iframes and have them talk to each other.
If anyone understands what I'm trying to achieve here, any ideas would be
appreviated. Second best would be a definitive statement that it's
impossible.
Andy
I have a situation where I want a customer to be able to embed my
functionality within their web site, a bit like a counter but more complex
because my functionality consists of several separate frames.
The idea is that the customer will set up several iframes embedded in their
web site, all pointing to the same server on which I'm hosting the service
(slightly different URLS). When the user clicks on one of my iframes, some
javascript happens which changes the view in all of my iframes (i.e.
navigates them to different URLs).
I found that by including a javascript file in the main window, this can be
called from one of the iframes and can manipulate the other iframes.
However, if the iframe the user clicks in is hosted on a different server
from the one owning the javascript, it cannot execute it. This will clearly
be the case in my scenario. Javascript running in one iframe cannot access a
different separate iframe even if it is on the same server.
I guess this is to prevent XSS attacks. In this case, I don't want to update
anything in the customer's window, but I want to be able to "own" several
iframes and have them talk to each other.
If anyone understands what I'm trying to achieve here, any ideas would be
appreviated. Second best would be a definitive statement that it's
impossible.
Andy