|new window and make new window can't access current domain cookie|
var w = window.open();
but i don't want the script in htmlcode to access the current domain
e.g.: alert(document.cookie) alert(document.opener.cookie)
Sorry, but I can't quite parse what you're asking here. Could you expand on your needs a bit more?
i have a page that allow user to post html codes
and let other users to press a button to "preview" the html code in a new open window
there's nothing to do and no need to care about "explode" scripts, let the browser patches or anti virus software to do it
what i worried about is, when preview, the code is able to access cookies in www.mydomain.com (suppose this is my domain)
so, is it possible to seprate that code away from my domain?
If I understand you correctly, you're worried about this: Code that your users enter might access cookies that were written from the same domain.
Cookies are on the user's computer. If someone knows enough to enter a script that displays cookies, then they know enough to go into their own hard drive and read their own cookies directly. So you can't be worried about someone reading their own cookies.
Are you saying there is a possibility that one person might write a script that extracts a different user's cookies?
thx tedster, you're so careful
i know users can access their own cookie
after long time thinking, i get a way to do:
when press "preview" button, submit the code to www.anotherdomain.com and output as "Content-type: text/html", so it can't access the user's cookie of www.domain.com
(all above domains is for example only)
but is this the only way? i have to prepair a standalone domain for this single problem :(