Luka Furlan

Reputation: 11

Detect if user has clicked element inside popup

Is it possible to check if the user has clicked an element inside popup windows? I currently use this JavaScript to open a popup and detect if it's closed.

var win = window.open(url,'','height=500,width=800');
var winTimer = window.setInterval(function()
{
    if (win.closed == true) {
        clearInterval(winTimer);
    }
}, 2000);

For example, I open YouTube in a popup window and I want to detect if a user has clicked the 'like' button. How would I detect an element click inside my interval and close the popup once it's detected?

Upvotes: 1

Views: 568

Answers (1)

Blue

Reputation: 22911

Unfortunately, unless the domain is hosted on the same domain as your site, you're going to run into cross-domain security issues. What you're trying to accomplish (through YouTube) would not work in this case, unless they had an implicit API that allows this (see Window.postMessage()).

From the Wikipedia page for the same-origin policy:

The main reason to have this restriction is because without the same-origin policy there would be a security risk. Assume that a user is visiting a banking website and doesn't log out. Then he goes to any random other site and that site has some malicious JavaScript code running in the background that requests data from the banking site. Because the user is still logged in on the banking site, that malicious code could do anything on the banking site. For example, get a list of your last transactions, create a new transaction, etc. This is because the browser can send and receive session cookies to the banking website based on the domain of the banking website. A user visiting that malicious site would expect that the site he is visiting has no access to the banking session cookie. While this is true, the JavaScript has no direct access to the banking session cookie, but it could still send and receive requests to the banking site with the banking site's session cookie, essentially acting as a normal user of the banking site. Regarding the sending of new transactions, even CSRF protections by the banking site have no effect, because the script can simply do the same as the user would do. So this is a concern for all sites where you use sessions and/or need to be logged in. If the banking site from the example (or any other site of course) only presents public data and you cannot trigger anything, then there is usually no danger which the same-origin policy protects against. Also, if the two sites are under control of the same party or trust each other completely, then there is probably no danger either.

Upvotes: 1
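
The `Window.postMessage()` route mentioned in the answer, as an added example that is not part of the original answer. It only applies when the popup page is one you control or one that cooperates by sending the message; the function names, the `liked` message type and the `.example` origins are assumptions.

```javascript
// Added example: makeLikeHandler, watchPopup, the "liked" type and the
// .example origins are hypothetical names, not from the original post.
function makeLikeHandler(popup, trustedOrigin, onLiked) {
  return function handler(event) {
    // The browser sets event.origin; the sending page cannot forge it.
    if (event.origin !== trustedOrigin) return false;
    // Ignore other windows or frames, even on the trusted origin.
    if (event.source !== popup) return false;
    // The payload is untrusted data: accept exactly one shape.
    const data = event.data;
    if (typeof data !== 'object' || data === null || data.type !== 'liked') return false;
    onLiked();
    return true;
  };
}

// Browser wiring for the opener page (not called at load time).
function watchPopup(url, trustedOrigin) {
  const win = window.open(url, '', 'height=500,width=800');
  if (!win) return null; // popup blocked
  const handler = makeLikeHandler(win, trustedOrigin, function () {
    window.removeEventListener('message', handler);
    win.close();
  });
  window.addEventListener('message', handler);
  return win;
}

// Popup side, on the cooperating page, pinning the receiver's origin:
//   likeButton.addEventListener('click', function () {
//     window.opener.postMessage({ type: 'liked' }, 'https://opener.example');
//   });

// Constructed events standing in for browser MessageEvents.
function demo() {
  const popup = { closed: false, close() { this.closed = true; } };
  const handle = makeLikeHandler(popup, 'https://popup.example', () => popup.close());
  const ok = { origin: 'https://popup.example', source: popup, data: { type: 'liked' } };
  const results = [
    handle({ ...ok, origin: 'https://other.example' }), // wrong origin
    handle({ ...ok, source: {} }),                      // wrong window
    handle({ ...ok, data: 'liked' }),                   // wrong shape
    handle(ok),                                         // accepted
  ];
  return { results, closed: popup.closed };
}
console.log(demo());
```

Without the origin and source checks, any page that holds a reference to the opener window could send the same message and trigger the handler.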
