javascript mini-daemon

Everyone knows about the same-origin restriction on the web. When your browser loads a webpage, it can’t dereference HTML/XML resources from other origins. However, there are ways to get around this. If the service supports a sane JSON output format, you can always include it as a script. Elements themselves can sometimes dereference resources. The list of such elements is:

  • script
  • img
  • link
  • iframe
  • frame

Hello! Ok, so iframes allow you to load HTML from anywhere else. The caveat is that the javascript loaded within this context can’t talk to the DOM in the original context (because they are operating under different domain/security contexts). However, I believe the javascript can talk to each other. (TODO: verify javascript can talk to each other from different domains.) This means it should be possible to construct a sort of pseudo-domain that routes messages between the two security contexts. If this isn’t possible, it /would/ be possible to route them both back through the server using a server-side script designed for this and some script tags.
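One way to route messages between the two security contexts is the browser's `window.postMessage` API, which this post does not name. The router below is an added example, not the author's code: it runs in the parent page and relays only between origins on an allowlist. The origins, the `{to, body}` message shape and `stubFrame` are assumptions made for illustration.

```javascript
// Allowlist: sender origin -> origins it may address (constructed placeholder origins).
const ROUTES = new Map([
  ["https://app.example", new Set(["https://widgets.example"])],
  ["https://widgets.example", new Set(["https://app.example"])],
]);

// frames: Map of origin -> window-like object exposing postMessage(data, targetOrigin).
// In a browser the values would be each iframe's contentWindow.
function createRouter(frames, routes = ROUTES) {
  return function onMessage(event) {
    const allowed = routes.get(event.origin);
    if (!allowed) return { delivered: false, reason: "unknown sender origin" };
    // The sending window must be the one registered for that origin.
    if (frames.get(event.origin) !== event.source) {
      return { delivered: false, reason: "source mismatch" };
    }
    const msg = event.data;
    const wellFormed = typeof msg === "object" && msg !== null &&
      typeof msg.to === "string" && typeof msg.body === "string";
    if (!wellFormed) return { delivered: false, reason: "malformed message" };
    if (!allowed.has(msg.to)) return { delivered: false, reason: "route not allowed" };
    const target = frames.get(msg.to);
    if (!target) return { delivered: false, reason: "no such frame" };
    // Explicit targetOrigin (never "*"): the browser drops the message
    // if the target frame has navigated to a different origin.
    target.postMessage({ from: event.origin, body: msg.body }, msg.to);
    return { delivered: true };
  };
}

// Constructed stand-in for a frame window, so the router can be exercised outside a browser.
function stubFrame() {
  const inbox = [];
  return { inbox, postMessage: (data, targetOrigin) => inbox.push({ data, targetOrigin }) };
}

// Browser wiring (assumed): window.addEventListener("message", createRouter(frames));
```

The receiving frame should apply the same `event.origin` check against the parent's origin before trusting the relayed `from` field.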

