We have a business partner that is IFRAMEing some data to one of our web pages. I would like to limit his JS abilities to interact only inside of the IFRAME as well as his PHP abilities. Is this something that is setup automatically or do I have to make sure that these capabilities are assigned somewhere. Thanks for the help.
+1
A:
1) Javascript in an iframe can't interact with the parent document, when they are from different domains.
2) Since the php code is run on your partner's server, it cannot interact with your site.
Joel L
2009-11-16 19:52:27
actually you CAN. a common use of this is cross subdomain ajax. check here: http://softwareas.com/cross-domain-communication-with-iframes
Gabriel Sosa
2009-11-16 20:15:23
According to that link, it has to be done co-operatively (unless I've missed something). If he doesn't want the JS to affect his site, *by default* it won't.
Narcissus
2009-11-16 20:26:24
@Gabriel Sosa - The question author said he does *not* want communication to occur.
Joel L
2009-11-16 20:50:20
@Joel I was doing a comment about your point 1
Gabriel Sosa
2009-11-16 21:02:59