Feb 03 2009

Javascript : Iframe : Cross domain scripting

Tag: web development | vish @ 5:30 pm

Problem :- Your page on domainA.com has an iframe of domainB.com. You have a task that needs to call a JavaScript function in the main page (domainA.com) from the iframe (domainB.com).

Hack :- I googled and found two solutions, both work for most common browsers but both have some limitations. (Obviously it’s a security issue.)

  1. The first one I found at pipwerks. For it to work, you must have access to the web directory of the parent frame (domainA), because you need to upload a file there (proxy.html). The idea is to nest an iframe from domainA inside the domainB iframe, and to call the function from this nested iframe instead, using top.functionName.
  2. The other hack is from tagneto. To use it, you change parent.location by adding a hash (#) to it. This won’t reload the page, and hence it works. Here is a test page as well. See the source of the test page and the embedded iframe to check how it works.

If you know about any others, lemme know.

Update :- approach 2 has some issues with IE7; it’s fixed here.
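
A sketch of approach 2 (messaging through the parent's hash), added here as an example and not taken from this post or from tagneto's code. The function names, the JSON message format and the 2048-character limit are assumptions; the parent treats the fragment as untrusted input and only calls functions on an explicit allowlist.

```javascript
// Child (domainB) side: build the URL the iframe assigns to parent.location.
// Only the part after '#' changes, so the parent page does not reload.
function encodeCall(parentUrl, fn, args) {
  const base = parentUrl.split('#')[0];
  return base + '#' + encodeURIComponent(JSON.stringify({ fn, args }));
}

// Parent (domainA) side: the fragment is untrusted input, because any frame
// that can navigate this window can set it. Parse it as data, never eval it.
function decodeCall(hash) {
  if (typeof hash !== 'string' || hash.length < 2 || hash.length > 2048) return null;
  let msg;
  try {
    msg = JSON.parse(decodeURIComponent(hash.slice(1)));
  } catch (e) {
    return null; // malformed percent-encoding or JSON
  }
  if (!msg || typeof msg.fn !== 'string' || !Array.isArray(msg.args)) return null;
  return msg;
}

// Parent side: returns a poll function that dispatches only to an explicit
// allowlist, so a message cannot reach arbitrary globals by name.
// In a browser it would run as: setInterval(() => poll(window.location), 100)
function makeDispatcher(allowed) {
  let lastHash = '';
  return function poll(loc) {
    if (loc.hash === lastHash) return undefined; // nothing new since last poll
    lastHash = loc.hash;
    const msg = decodeCall(loc.hash);
    if (!msg || !Object.prototype.hasOwnProperty.call(allowed, msg.fn)) return undefined;
    return allowed[msg.fn](...msg.args);
  };
}

// Constructed demo: a plain object stands in for window.location.
function demo() {
  const calls = [];
  const poll = makeDispatcher({ showBanner: (text) => { calls.push(String(text)); return 'ok'; } });
  const url = encodeCall('http://domainA.com/page.html', 'showBanner', ['hi']);
  const loc = { hash: url.slice(url.indexOf('#')) };
  const first = poll(loc);   // allowlisted call runs
  const repeat = poll(loc);  // same hash again: ignored
  loc.hash = '#' + encodeURIComponent('{"fn":"constructor","args":[]}');
  const blocked = poll(loc); // name not on the allowlist: ignored
  return { first, repeat, blocked, calls };
}
```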

Tags: crossdomain, javascript, web development

Sep 10 2008

crossdomain scripting : flash

Tag: flash | vish @ 5:48 pm

If you are using dynamic data loading in Flash, you might want to get data from remote servers. Flash doesn’t allow access to data from another domain unless a cross-domain policy is present on that server. The file is named crossdomain.xml and should be present in the document root. Here is an example of how a sample crossdomain.xml file looks:

Code:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="www.yoursite.com" />
  <allow-access-from domain="yoursite.com" />
</cross-domain-policy>

Flash loads this file first, before making any request to that server. If this request fails, a Security Sandbox error is thrown and Flash doesn’t connect to the same server again unless the SWF reloads.

If you are trying to load an external SWF hosted on another domain (usually the case with overlay plugins), you must add Security.allowDomain to the AS3 code of that SWF, which enables scripting it from other domains.

Code:
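import flash.system.Security;
// "*" lets a SWF from any domain script this one;
// pass specific domain names instead to restrict access.
Security.allowDomain("*");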

More detailed info on how to handle security issues in Flash here.

Tags: crossdomain, dynamic loading, flash