Reputation: 85852
Can I grant explicit Javascript methods to a different-host iframe?
I'm thinking about a system in which I allow users to create Javascript-empowered widgets for other users to embed in their dashboard on my website. I'd like to limit these widgets fairly strictly, so each would exist as an iframe kept on its own unique hostname: the widget with ID #47 would be accessible at w47.widgets.example.com, for example.
It would be helpful, for permission-granting dialogs and the like, to allow the widget to call very specific methods explicitly granted by the parent window, without authorizing the iframe to do whatever it likes with the parent frame on the user's behalf.
Is it possible for a parent document to explicitly allow certain method calls to a child document on a different host?
Upvotes: 1
Views: 411
Answers (1)
Reputation: 19485
You could create your own protocol with postMessage and receiveMessage to let exactly what you want through. This may not work for you if you have a large variety of browsers to support, though. Older browsers (IE 7 and below, for example) require a workaround to do this technique that's kind of nasty.
Upvotes: 1
Related Questions
- Can I access javascripts from iframe parent on another domain
- Allowing a parent window to call a function on its child iframe of a different domain
- js cross-domain to iframe
- Possible to access a function on a parent page from an iframe that is on a different subdomain?
- iframe cross-domain access
- Allowing a child Iframe to call a function on its parent window from a different domain
- Cross-domain javascript on an iframe without access to the target iframe?
- How can I get a web page within an iframe to load its own JavaScript?
- How can I prevent JavaScript in an iFrame to access properties of the outer site, even if the iFrame's content comes from the same origin?
- Accessing iframe elements across different domains