
All the Perl that's Practical to Extract and Report


http://www.yur.tv/

Perl hacker for this [schaffhausen.de] company. My Dad's Practice [praxisamhogenkamp.de]

Journal of malte (1708)

Saturday February 23, 2008
02:59 PM

Cross domain javascript callbacks

[ #35734 ]

I created a JavaScript library that enables sending JavaScript messages between browser pages that reside on different domains.

The listener can register a number of callbacks and allow specific domains to call these callbacks.

This is done via evil cookie magic, but it seems to work. I'd be very interested in feedback. Do you have security concerns? Is this a novel idea?

A demo can be seen here and the library is here
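The listener-side rule described in the post (callbacks registered by name, each callable only from specific domains) can be sketched as follows. This is an added example, not xssinterface's code or API: the `CallbackRegistry` class, the callback name and the `.example`/`.test` hosts are hypothetical, and the sender origin is assumed to be supplied by the transport (for instance `event.origin` with `postMessage`), never read from the message body.

```javascript
// Added example: hypothetical listener-side registry, not xssinterface's API.
class CallbackRegistry {
  constructor() {
    // A Map, not a plain object, so names such as "constructor" or
    // "toString" never resolve to inherited properties.
    this.callbacks = new Map(); // name -> { fn, origins: Set }
  }

  // Canonicalize to scheme://host[:port]; throws on unparsable input.
  static normalize(origin) {
    const u = new URL(origin);
    if (u.protocol !== "https:" && u.protocol !== "http:") {
      throw new Error("unsupported scheme");
    }
    return u.origin; // lower-cases the host and drops a default port
  }

  // Register a callback together with the exact origins allowed to call it.
  register(name, fn, allowedOrigins) {
    const origins = new Set(allowedOrigins.map(CallbackRegistry.normalize));
    this.callbacks.set(name, { fn, origins });
  }

  // Run the callback only for a known name and an exactly matching origin.
  dispatch(senderOrigin, name, args) {
    const entry = this.callbacks.get(name);
    if (!entry) return { ok: false, reason: "unknown callback" };
    let origin;
    try {
      origin = CallbackRegistry.normalize(senderOrigin);
    } catch {
      return { ok: false, reason: "bad origin" };
    }
    // Exact set membership: no suffix or substring matching, so
    // https://partner.example.evil.test does not pass as partner.example.
    if (!entry.origins.has(origin)) return { ok: false, reason: "origin not allowed" };
    if (!Array.isArray(args)) return { ok: false, reason: "bad arguments" };
    return { ok: true, result: entry.fn(...args) };
  }
}

// Constructed sample setup: one callback, one allowed caller.
function buildDemoRegistry() {
  const reg = new CallbackRegistry();
  reg.register("setTitle", (t) => "title=" + String(t), ["https://partner.example"]);
  return reg;
}
```

With `postMessage`, the wiring would be a `message` listener that passes `event.origin` and the parsed `event.data` fields to `dispatch`.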

  • I vaguely recall a similar technique described on http://www.ajaxian.com/ [ajaxian.com] some weeks ago. You might search their archive.

    Also, your demo page shows different subdomains of the same domain; IIRC, some browser(s) only restrict access to the first level above the TLD? Have you verified between, say, yahoo.com and google.com?

    • Do you mean the postMessage() [ajaxian.com] article? That's similar, but it is only implemented in Opera as far as I know.

      xssinterface works across different top-level and second-level domains because it asks a URL from the destination domain to set the cookie.