都在一个域里 试下<script type="text/javascript">
document.domain=*** //域名比如 gov.cn
</script>
document.domain=*** //域名比如 gov.cn
</script>
解决方案 »
- nfinite scroll+Masonry无限滚动瀑布流
- 谁会重写htmleditor的工具栏,我想在工具栏上添加一个自定义的按钮
- js不执行
- GOOGLE的股票走势图是用什么工具去画的?
- 如何用javascript查找距离某个标签最近的一个tag?
- |zyciis| 在form中的onsubmit中如何得到是哪一个控件触发了这个submint 谢谢
- 在网上看到可以在地址栏里输入javascript:alert(document.lastModified)来知道网页的最后更新时间,但我试下来,怎么每个网页的最后更新时间都是当前系统时间呢
- [100分]一道难题!!!谁能把Yahoo新邮各技术扒下来!!!(为JS Fans们做贡献!!!)
- JavaScript里面声明一个变量,使用var关键字与不使用var关键字有什么区别?
- history与缓存
- 请教js的for in的用法
- 问个很白的问题,js里面如何判断一个数是整数
http://community.csdn.net/Expert/topic/5533/5533363.xml?temp=.3585626
主题:...跨域调用(改变非同一网站上网页输入框的值) (跨域访问Iframe)
回复:JK_10000(JK) 2007-05-17 10:33:39 如下,C.htm,B.htm/B1.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>跨域调用iframe</title>
</head>
<body>
<input type=button value="直接跨域调用(会失败)" onclick="frames['frameB'].testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('http://jk:8080/xpc/B1.htm','frameA')" >
<hr>
<iframe name=frameA src="about:blank" style="display:none;"/>
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用iframe</TITLE>
</HEAD>
<BODY>
</BODY>
</HTML>
<script>
function testFun()
{
alert(location.href);
}
</script>------------------------
B1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
window.open("javascript:testFun();","frameB")
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="调用frameB里的testFun();" onclick='window.open("javascript:testFun();","frameB")' >
</BODY>
</HTML>
下面的是跨域调用top的
http://community.csdn.net/Expert/topic/5505/5505506.xml?temp=.2110559
主题:谁能搞定跨域访问中的这个问题?
回复:JK_10000(JK) 2007-05-14 10:22:38 如下,C.htm/C1.htm位于c盘,B.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>Hello</title>
<script>
function testFun()
{
alert('hello JK ');
}
</script>
</head>
<body>
<iframe name=frameA src="about:blank" />
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>
------------------------
C1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
top.testFun();
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="test" onclick="top.testFun();" >
</BODY>
</HTML>
----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用Top</TITLE>
</HEAD>
<BODY>
<input type=button value="直接跨域调用(会失败)" onclick="top.testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('C:\\C1.htm','frameA')" >
</BODY>
</HTML>
http://community.csdn.net/Expert/topic/5533/5533363.xml?temp=.3585626
主题:...跨域调用(改变非同一网站上网页输入框的值) (跨域访问Iframe)
回复:JK_10000(JK) 2007-05-17 10:33:39 如下,C.htm,B.htm/B1.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>跨域调用iframe</title>
</head>
<body>
<input type=button value="直接跨域调用(会失败)" onclick="frames['frameB'].testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('http://jk:8080/xpc/B1.htm','frameA')" >
<hr>
<iframe name=frameA src="about:blank" style="display:none;"/>
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用iframe</TITLE>
</HEAD>
<BODY>
</BODY>
</HTML>
<script>
function testFun()
{
alert(location.href);
}
</script>------------------------
B1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
window.open("javascript:testFun();","frameB")
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="调用frameB里的testFun();" onclick='window.open("javascript:testFun();","frameB")' >
</BODY>
</HTML>
---------------------------------------
---------------------------------------
测试了一下,还是拒绝访问。。
主要是这句window.open("javascript:testFun();","frameB")
del.icio.us direc.tor: Creating A Client-Side Web Service Broker
June 20, 2005Initially, I had planned on using the XmlHTTPRequest object to create a client-side application that integrated various web services like Google suggest, del.icio.us, Flickr, Yahoo developer network, etc. Unfortunately, the browser security restrictions severely limit the capabilities of a client-side application, essentially eliminating any cross-domain integration services. However, single-domain services can still be implemented by using the Javascript bootloading technique.Same-Origin Policy
The most frustrating part of creating any client-side application is the security model that applies to just about all executable objects that can be accessed by the browser. Designed the prevent cross-site scripting attacks (XSS), the same-origin policy effectively prohibits a page served from www.mydomain.org to access any document served from a different domain, via XmlHTTPRequest, IFRAME's, or similar DOM methods. Therefore, a page with a URL of http://www.mydomain.org:80/ cannot access another page that does not share the same protocol, domain, and port.One exception to this rule is when the document.domain property is set. This exception stipulates that in an FRAME/IFRAME situation, documents served from different subdomains of the same base domain may access each other's DOM tree if both pages set their respective document.domain property to the base domain. For example, if a page blue.domainA.org/master.html contains an IFRAME of the page red.domainA.org/slave.html, then by default the two pages will not be allowed to access each other's DOM tree. However, if both pages contain an explicit Javascript command, document.domain = "domainA.org";, then access to the DOMs will be granted. What is somewhat confusing is that all pages have a valid document.domain property that is set, but is considered null by the security model until it is set explicitly. Unfortunately, XmlHTTPRequest objects are not affected by the document.domain property. XmlHTTPRequest will only fetch documents from the originating server. In fact, you have to specify a relative URL, since it completely ignores any URL's with a fully-qualified domain name.None of these security policies apply when executing a web page served from localhost. You can use IFRAME's and XmlHTTPRequest objects to access any valid URL to your heart's content.Using the Javascript Bootloader
You can execute arbitrary Javascript code in the security context of any web page by simply typing a javascript command into the browser's address bar:javascript:void(document.body.style.backgroundColor='#c00')That command can also be booked by either editing a book property directly or using the drag-and-drop method, thus creating a Javascript booklet. As anyone who has had the displeasure of implementing third-party banner ads knows, a web page may contain a <script> reference to any valid URL, i.e. <script src="http://shoddy.advertiser.net"></script>. The Javascript bootloader uses this capability to inject foreign code — not by writing out a <script> string, but by way of DOM node creation:// Create a new script node
var element = document.createElement('script');// set the 'src' attribute of the element
element.setAttribute('src', 'http://johnvey.com/features/deliciousdirector/dboot.js');// insert the new node into the current document
document.body.appendChild(element);Once the new script node is inserted, the browser will automatically process the attached code. The complete javascript booklet is as follows:javascript:void((function() {var%20element=document.createElement('script'); element.setAttribute('src', 'http://johnvey.com/features/deliciousdirector/dboot.js'); document.body.appendChild(element)})())This method eliminates the need to include large blocks of Javascript code inside a book (compare with the Javascript shell), and allows central control of the core Javascript code.Resetting the Page
Once the foreign code is loaded, you may want to clear the content from the page in order to start from a clean slate:// clear the body content
document.body.innerHTML = "";// remove all the existing stylesheets
for(i=0; (a = document.getElementsByTagName("link")[i]); i++) {
if(a.getAttribute("rel").indexOf("style") != -1) {
a.disabled = true;
}
}// fill in new body content
document.body.innerHTML = "Hello, World!";// create a new stylesheet link
var ns = document.createElement("link");
ns.rel = "stylesheet";
ns.type = "text/css";
ns.href = "http://johnvey.com/features/deliciousdirector/d.css";
document.body.appendChild(ns);// create a new script node for the main program logic
var js = document.createElement("script");
js.language = "javascript";
js.src = "http://johnvey.com/features/deliciousdirector/d.js";
document.body.appendChild(js);// update the page title
document.title += " (Direc.tor)";
-----
B.htm与B1.htm在同一个域
C.htm在另一个域
window.open("javascript:testFun();","frameB")是B1.htm调B.htm的,
在IE下不会有跨域的问题.
-----以上结论,仅在IE6下验证过,IE7下没有去验证
-----
B.htm与B1.htm在同一个域
C.htm在另一个域
window.open("javascript:testFun();","frameB")是B1.htm调B.htm的,
在IE下不会有跨域的问题.
-----以上结论,仅在IE6下验证过,IE7下没有去验证
=========================================================================
我也是在我的机器IE6下验证的。。没有成功,但类似的方式我在其他机器上(IE 7)试过可以通过,大致思路和你说的一样,就是通过从C post 一个form 到框架B1,让B1初始化时调用B的javascript函数。
但这种方法也存在一个问题,就是javascript返回值的问题了,一旦有返回值,那么该怎么获取呢?
问题越来越清晰了,谢谢楼上各位的指导
-------
看JK的回复,两个回复能实现一个互调的机制:
"上面的是跨域调用iframe的
下面的是跨域调用top的"
可以把js写到 include里面试试
<script src="http://www.google.com/a.js"></script>
也可以引用异域js文件。
JK_10000(JK) ( ) 信誉:121 2007-09-06 11:43:46 得分: 0
同楼上
<script src="http://www.google.com/a.js"></script>
也可以引用异域js文件
===================================================================
引用异域js文件,可以执行,但这样的话也是在本域页面上执行这个JS的函数,并非真的执行异域页面上的js,所以,这个js的函数依旧不能访问异域页面的对象,