views:

22

answers:

1

How can Facebook make work external iFrames? nThat's my quiestion. I have always know that for security reasons, external HTML iFrames (i.e. An iFrame with src attribute different from the actual domain root), but then I realized that Facebook iFrame applications does really work, something that really surprised me because I knew that this functionality would be available only with the HTML5 sandbox iFrame mode, and this method works even in not HTML5 compliant browsers. Can anyone explain that to me? How can I do that?

A: 

You can have an iframe that points to another domain, that's not a problem. However, there are restrictions in terms of what scripting you can do between the domains (i.e. javascript in domain A can't talk to javascript in domain B).

Facebook gets around it by using a second hidden iframe and fragment identifiers for IE<8 (and window.postMessage I believe, for IE>=8 and other browsers). It's a fairly common technique for getting unrelated domains talking to each, here's an example I found with a quick google.

Dean Harding