Cross Site Scripting
So I had to do it today, I had two pages, in two unrelated domains (foo.com and bar.com) and I had to open a page from one and interact with it. Security constraints disallow this, unfortantely. There are all sorts of ways around it, mostly focusing on proxies, but I didn't want to get into that for a simple page, so I decided to write my own stupid method to do it.
From foo.com, the calling page:
var url = "http://www.bar.com/someImportantPage.castle?id=15"&onCloseRedirectTo=" + encodeURIComponent(window.location.href +
"&returnUrl="+ encodeURIComponent(window.location.href) ); window.open(url);
And using JS injection for the called page (I have some limited control there), I put:
if(window.opener) { var oldClose = window.close; window.close = function() { if(window.opener && window.returnValue ) { var url = decodeURIComponent($.getURLParam('onCloseRedirectTo')) + "&idToAdd=" + window.returnValue; window.opener.location.href = url; } oldClose(); }; }
And voila, it works. I'll leave the how as an excersize for the reader. Suffice to say that if you want to add a local iframe to the mix you can even get it to work in an "ajaxian" fashion.

Comments
Comment preview