Communicating via javascript across domains

Craig wrote:

Hey all,

Here's the situation:

- two websites, one on domain1 and the other on domain2
- domain1 opens a new window which is a javascript app from domain2
- domain1 needs to communicate with the javascript app on domain2

The problem occurs in that last step. Browsers don't allow script access
across domains for security reasons, rightly so. Nonetheless, I still
need to communicate with the application. I can reload the window
passing the necessary commands through the url, but this is slow because
the whole javascript app must reload.

Anyone have any ideas about a way around this limitation that would be
semi-efficient, at least more efficient than reloading the app? Signing
the script isn't an option for cost reasons. I have control over both
sites, so I can do anything that needs to be done.

Regards,
Craig

Well, it is not a cross-browser solution, but if you use HyperText
Applications (HTA), you can bypass some security. I did something like
that when I wanted a DOM inspector for IE. Unfortunately HTA only works
in IE. I think there are similar browser-specific solutions for other
systems, but I dont know offhand. You can read more about HTA at:
http://msdn.microsoft.com/workshop/a...node_entry.asp

Brian

In article <Ce************ *******@news20. bellglobal.com> ,
craig@_netscene .org enlightened us with...

Anyone have any ideas about a way around this limitation that would be
semi-efficient, at least more efficient than reloading the app?

Cookies.
Not the best, but better than nothing.
--
--
~kaeli~
If a book about failures doesn't sell, is it a success?
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

> - two websites, one on domain1 and the other on domain2

- domain1 opens a new window which is a javascript app from domain2
- domain1 needs to communicate with the javascript app on domain2

The problem occurs in that last step. Browsers don't allow script access
across domains for security reasons, rightly so. Nonetheless, I still
need to communicate with the application. I can reload the window
passing the necessary commands through the url, but this is slow because
the whole javascript app must reload.

If the sites share a common domain, then you can make it work. For
example, if you have 'domain1.commom .com' and 'domain2.common .com', you
can put the following in the <head>s:

document.domain = 'common.com';

This will get around the same site rule.

http://www.crockford.com/

Le Wed, 04 Feb 2004 11:47:58 -0600, kaeli a écrit*:

In article <Ce************ *******@news20. bellglobal.com> ,
craig@_netscene .org enlightened us with...

Anyone have any ideas about a way around this limitation that would be
semi-efficient, at least more efficient than reloading the app?

Cookies.
Not the best, but better than nothing.
--

I think cookies have the same domain limitations than window object ones !

Douglas Crockford wrote:

- two websites, one on domain1 and the other on domain2
- domain1 opens a new window which is a javascript app from domain2
- domain1 needs to communicate with the javascript app on domain2

The problem occurs in that last step. Browsers don't allow script
access across domains for security reasons, rightly so. Nonetheless,
I still need to communicate with the application. I can reload the
window passing the necessary commands through the url, but this is
slow because the whole javascript app must reload.

If the sites share a common domain, then you can make it work. For
example, if you have 'domain1.commom .com' and 'domain2.common .com', you
can put the following in the <head>s:

document.domain = 'common.com';

This will get around the same site rule.

http://www.crockford.com/

They don't share a common domain, thanks though.

Patricio Stegmann wrote:

Le Wed, 04 Feb 2004 11:47:58 -0600, kaeli a écrit :

In article <Ce************ *******@news20. bellglobal.com> ,
craig@_netsce ne.org enlightened us with...

Anyone have any ideas about a way around this limitation that would be
semi-efficient, at least more efficient than reloading the app?

Cookies.
Not the best, but better than nothing.
--

I think cookies have the same domain limitations than window object ones !

Yup they do. Otherwise you'd have sites looking at all your cookies
trying to scrap information.

Brian Genisio wrote:

Craig wrote:

Hey all,

Here's the situation:

- two websites, one on domain1 and the other on domain2
- domain1 opens a new window which is a javascript app from domain2
- domain1 needs to communicate with the javascript app on domain2

The problem occurs in that last step. Browsers don't allow script
access across domains for security reasons, rightly so. Nonetheless,
I still need to communicate with the application. I can reload the
window passing the necessary commands through the url, but this is
slow because the whole javascript app must reload.

Anyone have any ideas about a way around this limitation that would be
semi-efficient, at least more efficient than reloading the app?
Signing the script isn't an option for cost reasons. I have control
over both sites, so I can do anything that needs to be done.

Regards,
Craig

Well, it is not a cross-browser solution, but if you use HyperText
Applications (HTA), you can bypass some security. I did something like
that when I wanted a DOM inspector for IE. Unfortunately HTA only works
in IE. I think there are similar browser-specific solutions for other
systems, but I dont know offhand. You can read more about HTA at:
http://msdn.microsoft.com/workshop/a...node_entry.asp

Brian

I've never heard of this. I'll look into it. Cross-browser
compabibility is important however, so I do need to cover my bases.

Thanks

>>> - two websites, one on domain1 and the other on domain2

- domain1 opens a new window which is a javascript app from domain2
- domain1 needs to communicate with the javascript app on domain2 The problem occurs in that last step. Browsers don't allow script
access across domains for security reasons, rightly so. Nonetheless,
I still need to communicate with the application. I can reload the
window passing the necessary commands through the url, but this is
slow because the whole javascript app must reload.

If the sites share a common domain, then you can make it work. For
example, if you have 'domain1.common .com' and 'domain2.common .com',
you can put the following in the <head>s: document.domain = 'common.com'; This will get around the same site rule.

They don't share a common domain, thanks though.

If you have control over one of the servers, you can have it act as a
client, snatching up the page from the other site, and then relaying it
to the browser itself.

http://www.crockford.com/

Craig <craig@_netscen e.org> wrote in message news:<Ce******* ************@ne ws20.bellglobal .com>...

Hey all,

Here's the situation:

- two websites, one on domain1 and the other on domain2
- domain1 opens a new window which is a javascript app from domain2
- domain1 needs to communicate with the javascript app on domain2

Craig

You could try to pass the information as a query string in the URL.

Youy could either assemble a query string with JS or use a hidden form
that submits using the get method.

In a web page in domain1:

<form name="myForm" action="http://domain2/page2.html" method="get"
target="whateve r">
<input name="x" value="" type="hidden">
<input name="y" value="" type="hidden">
</form>

To open the new window named "whatever" and pass over the info x=23
and y="abc":
document.myForm .x.value=23;
document.myForm .y.value="abc";
document.myForm .submit();

This should open the web page http://domain2/page2.html?x=23&y=abc
in the window called "whatever".

Alternatively assemble the query string above and use it as the url
for your window.open command.

In the web page http://domain2/page2.html you need to decode the
search string (and here's code based on "something I prepared
earlier").

var submission=self .location.searc h.substring(1,s elf.location.se arch.length);
// remove "?" at start of query string
var nameValuePairs = new Array();
var oneNameValuePai r = new Array();
var names = new Array();
var values = new Array();
var name;
var value;
var newName;
var punctuator="&"; // use "&" for query string or ";" for cookies
nameValuePairs = submission.spli t(punctuator); // split into
name=value pairs
for (var i in nameValuePairs) {
oneNameValuePai r = nameValuePairs[i].split('=');
// separate name and value
if (oneNameValuePa ir[0].length>0) { // if a name to left of = sign
name = unescape( oneNameValuePai r[0] ).split("+").jo in(" ");
value = unescape( oneNameValuePai r[1] ).split("+").jo in(" ");
// remove url encoding
newName = true;
for (var j in names) if (name == names[j]) newName = false;
if (newName) {
names[names.length] = name;
values[name] = value; // single value with this name
} else {
values[name] = values[name] +","+value;
// comma separated list of multiple values with this name
}
}
}

This gives (I hope) an array in domain2 web page called names
containing "x" & "y" and an associative array called values where
values["x"] is "23" and values["y"] is "abc".

I've taken the above code from something I've used/tested previously
but modified it without testing - CAVEAT EMPTOR.

Hope that's of some use.

Mark