tags:

views:

54

answers:

1
Q: 

Can I grant explicit Javascript methods to a different-host iframe?

I'm thinking about a system in which I allow users to create Javascript-empowered widgets for other users to embed in their dashboard on my website. I'd like to limit these widgets fairly strictly, so each would exist as an iframe kept on its own unique hostname: the widget with ID #47 would be accessible at w47.widgets.example.com, for example.

It would be helpful, for permission-granting dialogs and the like, to allow the widget to call very specific methods explicitly granted by the parent window, without authorizing the iframe to do whatever it likes with the parent frame on the user's behalf.

Is it possible for a parent document to explicitly allow certain method calls to a child document on a different host?

+1  A: 

You could create your own protocol with postMessage and receiveMessage to let exactly what you want through. This may not work for you if you have a large variety of browsers to support, though. Older browsers (IE 7 and below, for example) require a workaround to do this technique that's kind of nasty.

x1a4  2010-05-29 19:55:03
Ooh, that's fancy! And I found [a jQuery plugin](http://benalman.com/projects/jquery-postmessage-plugin/) that seems to implement the cross-browser workarounds for me. Thanks!
Matchu  2010-05-29 20:00:57
That plugin works great, just make sure the urls match up. I spent the better part of 2 days making all of that work in every browser, even with the plugin, due to needing to match up the url on both server and client side - I needed to set up a 2 way communication channel, so it got kind of dicey. Definitely possible, though.
x1a4  2010-05-29 20:07:24

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript