Cross Domain Scripting with Friendly Domains

[Jacob JKW]

Having read the CLJ FAQ and having done extensive Googling, I do
understand that in in general cross-domain iframe scripting is not
permitted. One issue I have not seen directly addressed, however, is
scripting across different but still "friendly" domains.

Essentially I'd like to send a signal from the child to the parent in
any form at all. I would think that there might exist a way to set some
variable or object property that could both be read by the parent and
written to by the child (or vice versa).

Am I just totally wrong?


Thanks,
Jacob.

 

[Randy Webb]

Jacob JKW said the following on 8/10/2006 8:27 PM:

Having read the CLJ FAQ and having done extensive Googling, I do
understand that in in general cross-domain iframe scripting is not
permitted. One issue I have not seen directly addressed, however, is
scripting across different but still "friendly" domains.

Yes, and those "friendly" domains are in your "Trusted Sites" list in IE.

Essentially I'd like to send a signal from the child to the parent in
any form at all. I would think that there might exist a way to set some
variable or object property that could both be read by the parent and
written to by the child (or vice versa).

Check into the Trusted Sites. That's for your browser. If you are
hunting some way to send a "signal" from two different domains in a
user's browser, give it up.

Am I just totally wrong?

That depends on what you think and what you are trying to do.

 

[Jacob JKW]

I've often thought there _should_ be a system for this - some extension the
browser object model that provided for a "public" scope which which you
could store information visible to anybody. But there isn't.

Even if it did work across all browsers it would almost definately have been
seen as a security bug and fixed to eliminate the (already very tenuous)
connection.

One thing you can do is consume script from another site. Although the
script itself is then considered "local" (it's run with the same privledges
as if it were loaded from the containing page's server) it can, of course,
contain "special" information from the other server.

I actually just found this site:
http://eng.professionalconsulting.ru/lab/ajaxextended/ and thought it
extremely cool.

 

[Martin Honnen]

Having read the CLJ FAQ and having done extensive Googling, I do
understand that in in general cross-domain iframe scripting is not
permitted. One issue I have not seen directly addressed, however, is
scripting across different but still "friendly" domains.

Essentially I'd like to send a signal from the child to the parent in
any form at all. I would think that there might exist a way to set some
variable or object property that could both be read by the parent and
written to by the child (or vice versa).

Opera 8 and 9 has support for this API
<http://www.whatwg.org/specs/web-apps/current-work/#crossDocumentMessages>
here is a simple example
<http://home.arcor.de/martin.honnen/javascript/2006/08/test2006081301.html>
using that API to send a message with script in a document on
home.arcor.de to the document in the iframe which sits on
www34.brinkster.com.

The upcoming Firefox 2.0 will support this API
<http://www.whatwg.org/specs/web-apps/current-work/#scs-client-side>
that exposes a global storage based on domain parts.


Of course none of that currently helps far on the web if you expect
visitors with all sorts of browsers.