JavaScript - Cross Site Scripting and Parent Window

Question

Whew... I have asked several questions today until I have just now figured out what the problem actually is. The problem is related to cross-site scripting. Here is my scenario.

I have a web application that launches a dialog window using window.open function in JavaScript. This window redirects the user to the Twitter OAuth login page. When the user has (or has not) given my web application access to a user's Twitter account, the user is redirected to a callback page. This callback page is a page in my web application.

When the callback page is loaded, I want to update a DIV element on the opening HTML page. However, due to a recent cross-site scripting update, I cannot update an opening page's DIV element.

Does anyone know how to do this?

Thank you!

Answer 1

As far as I know, when you register an application at twitter, you can also define a page when OAuth process is completed. Assuming that the callback page is in the same domain/subdomain of your webapp, from the opened page in the popup window you can use :

var objDivToUpdate = window.opener.document.getElementById("myDiv");
objDivToUpdate.innerHTML = "some string generated from AJAX call";