single origin policy

Posted on 2009-04-19
Last Modified: 2013-11-18
Hi guys,
i am working on developing a sample application. it has problems when i trying to access loading page from iframe

according to SOP [Single Origin Policy] a java script executing in page A can manipuate the dom tree of page b if a is embeded in the iframe tag of B and A , b have the same domain

am i wrong

please can anyone have a right answer
Question by:emeraldpiggy
    LVL 3

    Assisted Solution

    As By Google Code

    What is the Single Origin Policy?

    Modern browsers implement a security model known as the "Single Origin Policy" (SOP). Conceptually, it is very simple, but the limitations it applies to JavaScript applications can be quite subtle.

    Simply stated, the SOP states that JavaScript code running on a web page may not interact with any resource not originating from the same web site. The reason this security policy exists is to prevent malicious web coders from creating pages that steal web users' information or compromise their privacy. While very necessary, this policy also has the side effect of making web developers' lives difficult.
    LVL 75

    Assisted Solution

    by:Michel Plungjan
    NOTE: a change of port or protocol is ALSO seen as a different server

    To bypass, you need to set up a server proxy or pass info in the attribute

    Author Comment

    yeah according to google, I thought we can manipulate the Dom tree  of page B if A is embeded in the iframe tag of B  and (A B have the same domain)
    LVL 3

    Accepted Solution

    yes you can always manipulate the dom tree of iframe or parent frame if and only if both A and B are from same domain.

    Though there are some complicated solutions if you want to use different domains,
    but for that also u should have control over both the domains.

    see the solution :

    Author Closing Comment

    thanks that helps

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    JavaScript can be used in a browser to change parts of a webpage dynamically. It begins with the following pattern: If condition W is true, do thing X to target Y after event Z. Below are some tips and tricks to help you get started with JavaScript …
    Before we dive into the marketing strategies involved with creating an effective homepage, it’s crucial that EE members know what a homepage is. In essence, a homepage is the introductory, or default page, of a website that typically highlights the …
    The viewer will learn how to count occurrences of each item in an array.
    The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now