3

I am trying to do the following:

Main document calls a function in iFrame whose URL is from a different location but the Javascript function I'm trying to call loaded from the same domain as the main document.

Is there any way to do this?

To clarify:

  • Main document: http://www.main.com
  • iFrame document: http://www.example.com
  • JS function i'm calling in iFrame is at http://www.main.com/js/script.js

I'm getting 

Permission denied to access property 'js_function'

When doing

document.getElementById("iframe").contentWindow.js_function(n)
Improve this question

3 Answers 3

Reset to default
5

Even though the script is hosted on main.com it is executed in the context of example.com and therefore is considered to be part of example.com ... and therefore has no access to variables or functions in the main.com window. You can hack around this with various cross domain communication hacks (or you can ignore IE < 8 and use window.postMessage by itself).

SEE ALSO: http://stevehanov.ca/blog/index.php?id=109

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I see what you're doing. There was a "hack" that made use of two iframes (if I remember correctly). Both that hack and the one you mention here are awfully obscure, and I wouldn't be surprised if they have been locked down knowingly.

The best fix I can think of is to load the code for js_function() in the main window (outside of the iframe).

Can you be more specific on what the JS code does? I may be able to help better.

Improve this answer

6 Comments

It doesn't help that the Javascript file I'm trying to access is from the same domain as the main document?
No it doesn't. There are many reasons why not. If you recall how XSS works, they try limiting injection as much as possible. Disabling the protection just because the content came from elsewhere is a grave risk.
How could this be accepted as the answer? And XSS has nothing to do with script origin. For a real solution see my answer.
@Sean - You expected the OP to travel into the future (from 26th April) to find the answer you wrote up 11 minutes ago (2nd May)?
@Christian - No, I just thought it shouldn't have been marked as an answer in the first place :)
|
0

Use easyXDM's RPC feature, it combines XDM with RPC. An example of this can be seen here: http://consumer.easyxdm.net/current/example/methods.html

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.