[thelist] Cross-site scripting

Mark Kennedy mark at eurogamer.net
Thu Sep 20 11:12:50 CDT 2001

Hi all,

How can I cross-site/domain script?  Is there away to tell the browser that one
pages 'trusts' another and will allow DOM access to it?  For those interested,
I'm having the following issues:

Am in the final (desperate) phases of completing a large project for a client.  
Part's of the site use a small, lightweight IFRAME to display user information
which is updated on a 30 second basis.  The isn't use a META refresh, but a
javascript timeout (there's a good reason for this) executed in the parent
document.  Everything works fine here.  Bear with me :)

However, a few of the pages for the site are farmed out of the clients existing
content management system (rather stubbornly, since we could provide our own),
and this runs on a different domain.  The IFRAME mentioned above is also used,
and the document within comes off of the same server as before.  Hence the
parent document is on a DIFFERENT domain to the one in the IFRAME.  Hence the
scripting used to communicate between the two docuents (for the refresh and for
other data exchange) isn't allowed by the web browser for security reasons.

Many thanks in advance for any help,


Mark Kennedy

More information about the thelist mailing list