1. Computing

Frames and Multiple Domains

By

One of the reasons why you might use frames for your web site is when you are incorpoating interactive services that are hosted by the service provider into your web site. Your site provides the frameset and the navigation frame and the service provider site provides the content.

Having the different frames loading from different domains has implications when it comes to Javascript. For security reasons Javascript running on pages from one domain is not allowed to access anything from web pages that originated on a different domain.

Any cross frame Javascript that works when each of the frames is loaded from the same domain will fail to work when the frame being referenced has originated from a different domain.

The only Javascript that does work with regard to the loading of a page from a different domain into one of the frames in your frameset is the command to load that page in the first place and code which will replace that page with another complete page either from that same domain or any other domain. In other words, the frame itself can still be referenced but the content of that frame becomes invisible to Javascript when they come from different domains.

Why does Javascript have this restriction? Well if you consider what the situation would be without such a restriction you can soon seee why allowing such access would be a security concer.

Consider where information identifying someone has been entered into your site and saved as a cookie on their computer. That information is only available to your site and is not shared with other sites.If information could be accessed between domains by Javascript then any other site that opens your page within a frame in their frameset would be able to use Javascript to access the content of the cookie stored by your site and make use of it. At least this is a breach of privacy with regard to the information held in the cookie. At worst the other has gained access to financial and personal information about the person who has visited the other site.

  1. About.com
  2. Computing
  3. JavaScript
  4. Windows and Frames
  5. Frames
  6. JavaScript Security, Frames and Multiple Domains

©2014 About.com. All rights reserved.