Can I tell if a frame access will be cross-domain before performing it?

views:

answers:

Can I tell if a frame access will be cross-domain before performing it?

I am trying to find the DOM iframe or frame element for each of the frames in a window's frames collection. The fastest way to do this, I think, is to access the frame's frameElement property. This property is only available for a same-domain access, and returns undefined and prints an error message to the log in the cross-domain case.

I can loop through the elements returned from document.getElementsByTagName to find the correct element in the cross-domain case, but I'd like to avoid printing the "Unsafe JavaScript attempt" message to the log.

Is there any way to tell before trying it if a property access attempt will run afoul of the cross-domain security policy?

Thanks.

You could check the domain on the url of the hosting page and the frame (src property). If the domains differ, you will most likely get an error.

I say most likely because if the frame is on a subdomain, but has specified document.domain to be the same as the parent frame, then cross-domain access will work.

Mikael Svenson 2010-09-17 20:04:49

Is there any standard way to parse the src property? I tried checking the frame's location property but that triggered the cross-domain error.

Greg 2010-09-17 20:10:28

@Greg: Not as far as I know. But use some regexp like mentioned at http://w3guru.blogspot.com/2009/01/how-to-get-domain-name-from-url-using.html and compare the strings.

Mikael Svenson 2010-09-17 20:19:08

Won't that also fail if the user follows a link in the frame to another site, so the src and the frame's contents no longer match?

Greg 2010-09-17 20:35:16

ansaurus

tags:

views:

answers:

Can I tell if a frame access will be cross-domain before performing it?

related questions