tags:

views:

506

answers:

3
+1  Q: 

Access to svg's scripts

svg is an xml based graphics and you can add JavaScripts to it. I have tried to access to the script functions defined in a svg. The script in my svg is something like this:

<svg ... onload="RunScript(evt);"...>
<script type="text/javascript">
...
function RunScript(loadEvent) {
  // Get object in my html by id
  var objElement = top.document.getElementById('objid1');
  if (objElement)
  {
    // Extend object tag object's methods
    objElement.SVGsetDimension = setDimension;
    ...
  }
  function setDimention(w, h) {...}

In my main html file, the svg is embedded in an object tag like this:

<object id="objid1" data="mygrahic.svg" ... >
<a href="#" onclick="document.getElementById('objid1').SVGsetDimention(10, 10);
   return false;"
...>Set new dimention</a>...

This one works fine. However if the svg xml file is referenced by a full URL (on another site) like this:

<object id="objid1" data="http://www.artlibrary.net/myaccount/mygrahic.svg" ... >

the codes do not work any more. It looks like that I cannot attach the method defined in my svg script to a method in my main html object tag element, or the top or document is not available in this case, or getElementById(..) just cannot find my object element in my svg script. Is there any way I can do in the svg xml script to find my html element?

Not sure if this problem is caused by the different DOMs, and there is no way for my svg script codes to figure out another DOM's object or element. It would be nice if there is any solution.

+3  A: 

I think the clue might be in 'on another site'. There are strict rules about when JavaScript programs from different sites are allowed to communicate with teach other. The embedded SVG is being treated the same way a document inside an iframe would.

pdc  2008-10-29 18:09:30
+1  A: 

pdc has this one right. Browsers work hard to prevent cross site scripting attacks (XSS) and this is the result. You cannot execute scripts in a document loaded from another domain, or using another port or protocol. For more info you can see: http://en.wikipedia.org/wiki/Same_origin_policy

Prestaul  2008-10-29 19:53:29
A: 

So, what you're doing is, from the point of view of a browser, equivalent to the following:

<script>
function stealPassword() {
  var passwordInput = document.querySelector('input[type="password"]');
  var value = passwordInput.value; // My password!
  sendPasswordToServerToStealMyMoney(value);
}
</script>
<iframe src=mybank.com onload=stealPassword()></iframe>

I think you'll understand why this isn't desirable. (There should probably be a warning or an exception in your error console, though.)

Ms2ger  2010-08-18 08:05:12

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?