Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

malte (1708)

  (email not shown publicly)

Working on Joose JavaScript meta system (Blog) [] and blok [], a web based application for collaborative ui prototyping.

Journal of malte (1708)

Saturday February 23, 2008
01:59 PM

Cross domain javascript callbacks

[ #35734 ]

I created a javascript library that enables sending javascript messages between browser pages that reside on different domains.

The listener can register a number of callbacks and allow specific domains to call these callbacks.

This is done via evil cookie magic, but it seems to work. I'd be very interested in feedback. Do you have security concerns? is this a novel idea?

A demo can be seen here and the library is here

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • I vaguely recall a similar technique described on [] some weeks ago. You might search their archive.

    Also, your demo page shows different subdomains of the same domain; IIRC, some browser(s) only restrict access to the first level above the TLD ? Have you verified between, say, and ?

    • Do you mean the postMessage() [] article? That's similar, but it is only implemented in opera as far as I know.

      xssinterface works across different top-level and second level-domains because it asks a url from the destination domain to set the cookie.