SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Hybrid View

  1. #1
    SitePoint Guru DenverDave's Avatar
    Join Date
    Feb 2001
    Location
    Denver, Colorado
    Posts
    630
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Windows across domains

    Window1 opens Window2.

    If Window1 and Window2 are opened in the same domain I seem to be able to refer to objects in Window1 with the following JavaScript code in Window2:

    catchinfo = window.opener.document.form1.textarea1.value

    But if the Window2 is in a different domain from Window1, I don't seem to be able to access Window1's values from Window2. Is there anything to this or is something else likely going on?

    Completely puzzled.

  2. #2
    You talkin to me? Anarchos's Avatar
    Join Date
    Oct 2000
    Location
    Austin, TX
    Posts
    1,438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, that's how it's supposed to work, in order to keep everything secure. Otherwise you might put a link to http://my.yahoo.com/ and change the login form's action to go to a page on your website. Then when they submit the form with the username and password you could log it.
    ck :: bringing chris to the masses.

  3. #3
    SitePoint Guru DenverDave's Avatar
    Join Date
    Feb 2001
    Location
    Denver, Colorado
    Posts
    630
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmmm.... so for shared services... I guess we have to pass the information to the 2nd service a different way... form environment variable or something. Too bad since we also write back to the original window.

    Anyway to lower the security or identify the 2nd domain so the windows can be accessed?

  4. #4
    What? Maelstrom's Avatar
    Join Date
    Oct 2001
    Location
    Whistler BC originally from Guelph Ontario
    Posts
    2,175
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by DenverDave
    Hmmm.... so for shared services... I guess we have to pass the information to the 2nd service a different way... form environment variable or something. Too bad since we also write back to the original window.

    Anyway to lower the security or identify the 2nd domain so the windows can be accessed?
    I sure hope not. I wouldn't want to imagine the damage a hacker could do withan open 'window' like that
    Maelstrom Personal - Apparition Visions
    Development - PhP || Mysql || Zend || Devshed
    Unix - FreeBSD || FreeBsdForums || Man Pages
    They made me a sitepoint Mentor - Feel free to PM me or Email me and I will see if I can help.

  5. #5
    SitePoint Guru DenverDave's Avatar
    Join Date
    Feb 2001
    Location
    Denver, Colorado
    Posts
    630
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Would you mind describing the security issue a little more? If both open windows are on my PC and I can type anything I want into each - what is the harm in letting one window access the contents of the other window eventhough they were opened from different domains? Obviously the limitatin is there, it might just help settle my mind to have an example of what is being protected against.

    Dave

  6. #6
    You talkin to me? Anarchos's Avatar
    Join Date
    Oct 2000
    Location
    Austin, TX
    Posts
    1,438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I already gave you an example...

    The way around this is to alter your security settings and enable "access data sources across domains" or add the website to your list of trusted sites.
    ck :: bringing chris to the masses.

  7. #7
    SitePoint Guru DenverDave's Avatar
    Join Date
    Feb 2001
    Location
    Denver, Colorado
    Posts
    630
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are these IE settings?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •