Cross Site Scripting
So I had to do it today, I had two pages, in two unrelated domains (foo.com and bar.com) and I had to open a page from one and interact with it. Security constraints disallow this, unfortantely. There are all sorts of ways around it, mostly focusing on proxies, but I didn't want to get into that for a simple page, so I decided to write my own stupid method to do it.
From foo.com, the calling page:
var url = "http://www.bar.com/someImportantPage.castle?id=15"&onCloseRedirectTo=" + encodeURIComponent(window.location.href +
"&returnUrl="+ encodeURIComponent(window.location.href) ); window.open(url);
And using JS injection for the called page (I have some limited control there), I put:
if(window.opener) { var oldClose = window.close; window.close = function() { if(window.opener && window.returnValue ) { var url = decodeURIComponent($.getURLParam('onCloseRedirectTo')) + "&idToAdd=" + window.returnValue; window.opener.location.href = url; } oldClose(); }; }
And voila, it works. I'll leave the how as an excersize for the reader. Suffice to say that if you want to add a local iframe to the mix you can even get it to work in an "ajaxian" fashion.
Comments
Actually, I like the script-tag-injection pattern more.
browsers do not allow to do XHR requests to other domains.
however, if you dynamiclly add a <script> tag to your document, which points to another server, it's OK !
so you can point it to an action that would return a js response (hey - that's a brailjs case ..)
The problem here is not that the child document needs to let the parent document about some data. Not the other way around
ajaxflakes - Read all about the latest developments on web design 2.0 and ajax + lots of tips. TOP 100+ best Free Opensource Software for windows XP and Vista. Thought i should add it might be helpful to others… http://ajaxflakes.com
Comment preview