Javascript - can't access pages from other domains? - JavaScript and AJAX forum at WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Javascript - can't access pages from other domains?

jgaffney

3:56 am on Jun 5, 2003 (gmt 0)

It looks like both Javascript and Java are prevented from accessing document data in other frames/windows if the URL is from a different domain than the script/applet.

Is this a hard and fast security limitation?

Could a "trusted" Java applet get around this?

My hope was to create a script/applet that would retrieve a list of pages and submit their contents to an .asp script, which would then analyze all and return report.

Or maybe this calls for a "real" application...

tedster

6:28 pm on Jun 6, 2003 (gmt 0)

The default security in JavaScript is even more restrictive than "same domain". It's known as the Same Origin policy. It says that a script can only read properties of windows and documents that were loaded:

1. from the same host
2. through the same port
3. by the same protocol

Reference: Mozilla.org [mozilla.org]

There is one happy exception - you can bypass the limitation for subdomains of the same domain, such as sub1.domain.com and sub2.domain.com. You do this by reassigning document.domain to the short version, e.g. document.domain="domain.com". This allows windows from the root domain to interact with windows in different subdomains.

You're correct that a "trusted script" can have more freedom - I've never written a signed script and I've only ever read about it (here's one solid reference: Netscape DevEdge [developer.netscape.com].) I understand it can be a bit unwieldy in many situations. Given that, a "real" app just may be the way to go.

That's not a definitive answer, I know. Hope the references will help you make a good decision for your situation.

[edited by: tedster at 12:42 am (utc) on June 7, 2003]

jgaffney

9:58 pm on Jun 6, 2003 (gmt 0)

Exactly what I needed. Thanks!