We help IT Professionals succeed at work.

Cross-domain communication help

We have a subscription based site where members can (among other things) create an HTML popup window (via shadowbox). Once they enter the content into a wysiwyg html editor, the content is saved to a MySQL database. Here's where it gets tricky. I need to add a button on the form that when clicked will generate a bit of javascript code that the member can then copy INTO THEIR OWN WEBSITE. This code needs to pass an ID back to our server at which time the server will get their content and return the content back to THEIR site and then call a method that will actually launch the popup. I'm an accomplished Coldfusion programmer but this is just way over my head. I sense that it is similar to how google analytics works or any of the blog sites works where they generate some custom javascript for you that you paste into your site and does some processing on their server and loads a customized widget on your page of some kind. I just have no clue how to approach it.
Watch Question

Google has the right idea - but to be honest, I've never pulled back the covers.  But, I can try to give you some insight.

Using something like Google Checkout, you can include a script at the bottom of a page and use specific markup on the page (div id tags for instance) and magically things appear on the page regardless where it is being hosted provided it can talk to Google.  The way this happens is for the tag to call a script package that Google builds according to which ID was sent to it.  This script package is then sent back to the web page requesting it, and all the functions of that script package are executed (DOM manipulation).

But be warned, granting users the right to store their own content and then expecting to pass it back to some random caller will be exceedingly complicated.  The big difference between what you've imagined and Google's world is that they control the CONTENT that is sent back down the wire packed in their javascript.  

In my opinion, this is not impossible, but once you open content management up to your users, you are asking for trouble  :)
IT Expert
Top Expert 2009
not as hard as it seems. On YOUR server have a process returning script like
var text = "#somevar#"

and set the header to
content-type: text/javascript

have them call
<script type="text/javascript" src="http://yourserver.com/getjavascript.cf?id=abcde"></script>
mplungjan is not incorrect - but I could break this approach pretty easily depending on the text I entered in to my "content".
Michel PlungjanIT Expert
Top Expert 2009
Yeah, I did not handle breaklines and such - you might want to escape the content and unescape it at run time


Thank you for your responses. Let me look at this a bit. I do have questions that i will articulate in a bit.


@mplungjan   ...so basically the script block is what I would generate for them to paste into their site. And it calls a cf page that generates dynamic javascript that is 'returned' and thus displayed on their website?
Michel PlungjanIT Expert
Top Expert 2009
I am not a CF person, but something like

<cfcontent type="text/javascript">

Like here


You may want to escape quotes and perhaps disallow script tags since someone who can save script can then subsequently run that script on the page that includes it...