[BNM] javascript question

AndrewGill73@gmail.com andrewgill73 at gmail.com
Fri Feb 13 14:02:03 GMT 2009 

Just to say thanks. I've followed Alastair's advice and it's working well.

cheers,
Andy Gill



2009/2/12 Alastair James <al.james at gmail.com>:
> Of course you should also escape the query string in the script:
> var iframe_url = 'http://iframedomain.com/iframe?url='+url+'&title='+title;
>
> becomes:
>
> var iframe_url = '
> http://iframedomain.com/iframe?url='+escape(url)+'&title='+<http://iframedomain.com/iframe?url='+url+'&title='+title>
> escape( <http://iframedomain.com/iframe?url='+url+'&title='+title>title)<http://iframedomain.com/iframe?url='+url+'&title='+title>
> ;
>
> Al
>
> 2009/2/12 Alastair James <al.james at gmail.com>
>
>> Yes, as paul said this is a cross domain error. An iframe cant access its
>> parent if the iframe is showing content from a different domain (and
>> visa-versa).
>> In effect, the only time the containing page can pass info to the iframe is
>> when it loads it. I.e. append information to the url used for the iframe
>> content. E.g.
>>
>> <iframe src="
>> http://iframedomain.com/iframe?url=http://thispagedomain.com/...&title=Page+Title
>> "></iframe>
>>
>> And then get the information from the query string in the iframe script.
>>
>> However, I suspect that you dont have access to the containing page to make
>> this work.
>>
>> If you are including the iframe in the parent page with javascript, you are
>> in luck:
>>
>> ---code---
>> var title = document.title;
>> var url = window.location.href;
>> var iframe_url = 'http://iframedomain.com/iframe?url='+url+'&title='+title
>> ;
>>
>> var escript = 'script>';
>> var html = '<script src="'+iframe_url+'"></'+escript;
>>
>> document.write(html);
>> ---code---
>>
>> Note that its necessary to split the </script> part up (using the escript
>> variable) to avoid parsing errors on some browsers...
>>
>> Hope that helps!
>>
>> Al
>>
>> 2009/2/12 paul perrin <paul at idltd.com>
>>
>> I haven't played around with cross domain scripting since I found a
>>> security flaw in an earlier verison of IE. But I am pretty sure you
>>> are hitting standard cross domain scripting security (so a rogue
>>> window can't take control of another window send it to your banks
>>> website and empty your bank account).
>>>
>>> I doubt there is a 'generic' solution without access to the parent
>>> website (to 'push' info into the iframe) - but there could be
>>> workarounds maybe using a script on a local drive or a hypertext
>>> application.
>>>
>>> Paul /)/+)
>>>
>>>
>>> 2009/2/12 AndrewGill73 at gmail.com <andrewgill73 at gmail.com>:
>>> > Hello BNM,
>>> >
>>> > I'm running some javascript in an iframe. The javascript gets
>>> information
>>> > from it's parent website using these 2 functions:
>>> >
>>> > window.parent.location.href;
>>> > window.parent.document.title;
>>> >
>>> > On some websites it works fine... On other websites there is a
>>> permission
>>> > denied error. I have no control over the parent website unfortunately.
>>> >
>>> > Is there any way of getting any website parent information to an iFrame
>>> ?
>>> > Can anyone think of a "workaround"?
>>> >
>>> > MANY THANKS.
>>> >
>>> > cheers,
>>> > Andrew Gill
>>> > --
>>> >
>>> > BNM Subscribe/Unsubscribe:
>>> > http://www.brightonnewmedia.org/options/bnmlist
>>> >
>>> > BNM powered by Wessex Networks:
>>> > http://www.wessexnetworks.com
>>> >
>>> --
>>>
>>> BNM Subscribe/Unsubscribe:
>>> http://www.brightonnewmedia.org/options/bnmlist
>>>
>>> BNM powered by Wessex Networks:
>>> http://www.wessexnetworks.com
>>>
>>
>>
>>
>> --
>> Dr Alastair James
>> CTO James Publishing Ltd.
>>
>> www.worldreviewer.com
>> Winner Yahoo! Finds of the Year
>> WINNER Travolution Awards Best New Online Travel Company 2008
>> "In a market increasingly crowded with new content and experience-led
>> sites, Worldreviewer stands out a mile. It has used exclusive editorial and
>> excellent tools to wonderful effect and ensured its commercial partnerships
>> are relevant to the target market."
>>
>> Blogs: onewheeledbicycle.com, traveltelegraph.com
>>
>> "Utinam logica falsa tuam philosophiam totam suffodiant!"
>>
>
>
>
> --
> Dr Alastair James
> CTO James Publishing Ltd.
>
> www.worldreviewer.com
> Winner Yahoo! Finds of the Year
> WINNER Travolution Awards Best New Online Travel Company 2008
> "In a market increasingly crowded with new content and experience-led sites,
> Worldreviewer stands out a mile. It has used exclusive editorial and
> excellent tools to wonderful effect and ensured its commercial partnerships
> are relevant to the target market."
>
> Blogs: onewheeledbicycle.com, traveltelegraph.com
>
> "Utinam logica falsa tuam philosophiam totam suffodiant!"
> --
>
> BNM Subscribe/Unsubscribe:
> http://www.brightonnewmedia.org/options/bnmlist
>
> BNM powered by Wessex Networks:
> http://www.wessexnetworks.com
>

More information about the BNMlist mailing list. Powered by Wessex Networks