« »

• About
• My Design
• Comics

Cross-domain Communications with Iframes by Michael Mahemoff

June 22, 2009
Tagged cross-domain, iframes, JavaScript, xss

Just came across an excellent article by Michael Mahemoff on cross-domain communications using iframes.

Michael Mahemoff has given a very good summary on “the 4 laws of iframe communications“:

1. Law I: Any window in the hierarchy can get a handle to any other window in the hierarchy.
2. Law II: Windows can only access each others’ internal state if they belong to the same domain.
3. Law III: Any window in the hierarchy can set (but not read) any other window’s location/URL, even though (from Law II) browser security policies prevent different-domain iframes from accessing each other’s internal state.
4. Law IV: When you change the URL’s fragment identifier (the bit on the end starting with a #, e.g. http://example.com/blah#fragmentID), the page doesn’t reload.

You can read the full article here:
Cross-domain Communications with Iframes

no comments

RSS / trackback

respond

Connect with your Facebook Account

Name

Mail (will not be published)

Website