Remote Scripting - Access Denied - Domains, Remote Scripting, and Domain Security

for IE 5+ and Netscape 6+

In order to exchange information across frames, the pages in those frames must share the same root domain. For example, server111.pxl8.com and server222.pxl8.com can pass data to one another as long as they each declare

<script>
document.domain = "pxl8.com";
</script>

But it won't work if one of them has a port number, so if you're server333.pxl8.com:8080 you're out of luck. .

It also won't work if one of the pages is on a secure server (https://) and the other isn't (http://).

Consequently, if you have an iframe in your page with it's src="http://www.google.com", you will not be able to access Google's page. It's a security feature and it's there to protect you.

A Brief Aside...

Does anyone remember maybe 5 or 6 years back when Microsoft was talking about creating new versions of IE that could read the content of your site and embed links and advertising into your page at relevant content points??

Cross-Frame Scripting Security Warning!

Internet Explorer contains a security bug that allows bad people to frame your site and capture keystrokes made on your site, across domains. You can block this using a script that prevents other sites from framing yours. Here's a simple example:

<script>
if (top != self){        
 top.location=self.location;    
 }
</script>

Resources