For my web app, I need the ability to get HTML pages from other servers. With Ext's built-in HttpProxy the HTML pages must be on the same domain where my web app is located. Obviously this will not work me, but using an iframe tag you can give it any URL and it will get that page.
Before I actually write any code, I was wondering if anyone else had the same problem and already wrote some code similar to what I would call an "iframeTagProxy" object?
If you would be interested in such an object post some of your requirements/needs so I can make this as useful as possible.
You won't be able to read the src of an iframe that's got a document loaded from another domain. You'll run up against built-in browser domain security restrictions.
Jeff Howden
Ext JS - Support Team Volunteer jeff@extjs.com
Any and all code samples that are authored by me and posted on the Ext forums or website are hereby released into the public domain and I release anyone or entity of liability by using said code samples unless explicitly stated otherwise.
Opinions are mine and not necessarily endorsed by Ext, LLC. Please do not contact me directly for assistance unless requested by me.
This paper shows the technique of nested iframes, to enable secure cross-domain communication. The technique relies on document.domain, and offers details on iframe security in the various browsers.
I tried Googling for that javascript lirbary to no avail. I have emailed the authors and am waiting for a reply.
There is enough detailed information in the paper to code this library in javascript. If I don't hear back from the author's I might get started coding it myself because its a really awesome technique for secure cross-domain communication using iframes
There's nothing particularly special or groundbreaking about the multi-iframe technique detailed in that paper. It still relies on all parties properly setting the document.domain to the same domain value. This simply isn't doable without nearly having source control of both ends of the transaction.
The only reason for the multi-iframe approach is to keep the untrusted page from accessing things at the top-level that it shouldn't have access to. However, as both parties have to set the same document.domain setting, how untrusted is the other party really?
For truly untrusted sites where you can't set document.domain, you're stuck with on solution.
Jeff Howden
Ext JS - Support Team Volunteer jeff@extjs.com
Any and all code samples that are authored by me and posted on the Ext forums or website are hereby released into the public domain and I release anyone or entity of liability by using said code samples unless explicitly stated otherwise.
Opinions are mine and not necessarily endorsed by Ext, LLC. Please do not contact me directly for assistance unless requested by me.
iframeTagProxy ?
Reply With Quote
