[thelist] Cross-site scripting

Richard Bennett richard.bennett at skynet.be
Thu Sep 20 15:11:42 CDT 2001


Hi,
Two ways that I know of:

1) The project is an internal company site, like an intranet, change the
files to .hta, run them from the client machines (they need to be
downloaded) and add application="yes" to the iframe.

2) You can use PHP or ASP to grab the external page's content, and load the
PHP page in the IFrame. The PHP page is the same domain.

Richard.

> However, a few of the pages for the site are farmed out of the client's
> existing content management system (rather stubbornly, since we could
> provide our own), and this runs on a different domain.  The IFRAME mentioned
> above is also used, and the document within comes off of the same server as
> before.  Hence the parent document is on a DIFFERENT domain to the one in
> the IFRAME.  Hence the scripting used to communicate between the two
> documents (for the refresh and for other data exchange) isn't allowed by the
> web browser for security reasons.
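
A sketch of the server-side fetch described in option 2, added here as an example and not code from the original post: the PHP page serves only pre-registered pages from one fixed upstream, so the caller never supplies a URL. The host cms.example.com, the page keys and paths, and the file name proxy.php are placeholders.

```php
<?php
// proxy.php: added example, not from the original post.
// Assumes allow_url_fopen is enabled. Host, keys and paths are placeholders.
declare(strict_types=1);

const UPSTREAM_ORIGIN = 'https://cms.example.com';   // assumed CMS origin
const ALLOWED_PAGES = [                              // key => fixed upstream path
    'news'    => '/content/news.html',
    'contact' => '/content/contact.html',
];

// Map a request key to an upstream URL. Unknown keys yield null, so the
// script cannot be steered to internal hosts or arbitrary sites.
function resolve_upstream(string $key): ?string
{
    return isset(ALLOWED_PAGES[$key]) ? UPSTREAM_ORIGIN . ALLOWED_PAGES[$key] : null;
}

// Fetch with a timeout, no redirect following, and a 1 MiB size cap.
function fetch_page(string $url): ?string
{
    $ctx = stream_context_create(['http' => [
        'method'          => 'GET',
        'timeout'         => 5,
        'follow_location' => 0,   // a redirect could leave the allowlisted host
    ]]);
    $body = @file_get_contents($url, false, $ctx, 0, 1048576);
    return $body === false ? null : $body;
}

if (PHP_SAPI !== 'cli') {
    $key = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : '';
    $url = resolve_upstream($key);
    if ($url === null) {
        http_response_code(404);
        exit('Unknown page');
    }
    $html = fetch_page($url);
    if ($html === null) {
        http_response_code(502);
        exit('Upstream fetch failed');
    }
    header('Content-Type: text/html; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    // Only pages on this same origin may frame the proxied document.
    header("Content-Security-Policy: frame-ancestors 'self'");
    echo $html;
}
```

Once the content is served this way the browser treats it as same-origin, so any script inside the fetched page runs with full access to the framing site's DOM and cookies. The upstream therefore has to be trusted to the same degree as the site's own pages.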






