Cross domain - temporary edit pages with javascript

Question

I have an idea for a web application and I'm having some javascript trouble.

Suppose the application needs to get a client's website url, show it (in an iframe or something). And then it should be able to temporarily tweak its design with Javascript which I assume is called Javascript injection. (Something similar to what the Developer Tools of browsers can do.)

So the question is: Is this cross domain javascript and if so, what solutions could I use? , and what's the easiest way?

On a related note: What if the user adds some of my application's javascript code to their website (like how some APIs work), Would that help in any way.

Thanks.

Answer 1

You culd use bookmarklet to add your javascript code to client's webpage. Like firebug lite does.

Answer 2

same origin policy does not apply when you are armed with the proper knowledge of how modern web browsers work (IE8+ and of course all the other ones are always ahead of IE)

I specifically tackled this problem by using postMessage and iframe for cross browser communication. This technique works in IE8+ and all modern browsers. Also, ensure you are setting your privacy policy in your headers for 3rd party cookie support in IE.

You can see this working live if you go to kitgui.com and try the demo. You can also use this for free.

Answer 3

This is cross domain. So the solution: Server Side Languages

PHP, ASP.Net, Ruby on Rails, etc. Load their website via that and then you can touch it because it will be a copy on your site. I will warn you though, this can be very difficult when using libraries like CURL (at least in my experience with PHP's CURL).

Answer 4

If they are including your JS in their page, then the JS is running from their page and you can just use standard DOM.

If they aren't, then the same origin policy will prevent you from touching their site.