The same origin security policy of browsers - Client side communication
What is the policy?
It is a defective security mechanism that constrains components such as objects
and pages in a browser to access only other components loaded from the same server.
You might say, "I can easily load iframes from a different domain by initially assigning
their src or dynamically modifying their location.href. Then what problem do I have?"
Well, see the answer in the demo below: iframes loaded from different domains
can NOT "see or talk to" each other ;)
What is this demo?
This demo shows a page containing two iframes loaded from different domains:
- the parent/top frame, say A, (the frame containing this text) is loaded from coolshare.com
- the left iframe, say B, is loaded from coolshare.com too
- the right iframe, say C, is loaded from markqian.com
There are buttons with which you can make calls to functions that reside in other frames.
As you can see, the only calls possible are calls between A and B, since A and B are
loaded from the same domain.
So C is a "dead zone": it can be loaded but can't communicate with the rest of
the screen, and vice versa.
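
The access pattern the demo shows, as an added example (not code from the original page): it computes which of frames A, B and C may call into each other. Only the host names come from the page; the URL paths are constructed, and the check goes slightly beyond the page's "same server" wording by comparing scheme, host and port, which is the tuple browsers compare.

```javascript
// Added example: models which of the demo's frames may call into each other.
// Only the host names come from the page; the paths are constructed.
const frames = {
  A: "http://coolshare.com/demo/parent.html", // parent/top frame (path assumed)
  B: "http://coolshare.com/demo/left.html",   // left iframe (path assumed)
  C: "http://markqian.com/demo/right.html",   // right iframe (path assumed)
};

// An origin is the tuple (scheme, host, port). URL lower-cases the host and
// drops a default port, so the default is filled back in for the comparison.
function originOf(url) {
  const u = new URL(url);
  const defaultPort = { "http:": "80", "https:": "443" }[u.protocol] || "";
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Build the caller -> callee matrix that the demo's buttons exercise.
function accessMatrix(frameUrls) {
  const matrix = {};
  for (const [from, fromUrl] of Object.entries(frameUrls)) {
    matrix[from] = {};
    for (const [to, toUrl] of Object.entries(frameUrls)) {
      if (from !== to) matrix[from][to] = sameOrigin(fromUrl, toUrl);
    }
  }
  return matrix;
}

console.log(accessMatrix(frames));
// The same host name alone is not enough: scheme and port must match too.
console.log(sameOrigin("http://coolshare.com/", "https://coolshare.com/"));
console.log(sameOrigin("http://coolshare.com/", "http://coolshare.com:8080/"));
console.log(sameOrigin("http://coolshare.com/", "http://COOLSHARE.com:80/"));
```
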
Compatibility: IE (6.x, 7.x), Firefox (188.8.131.52), Mozilla/Netscape (7.2) and Opera (9.0)
were fully tested and worked on XP (v2002, SP2).
This is the parent frame A (loaded from Coolshare.com)