I have an idea for a web application and I’m having some javascript trouble.
Suppose the application needs to get a client’s website url, show it (in an iframe or something). And then it should be able to temporarily tweak its design with Javascript which I assume is called Javascript injection. (Something similar to what the Developer Tools of browsers can do.)
So the question is: Is this cross domain javascript and if so, what solutions could I use?
, and what’s the easiest way?
On a related note: What if the user adds some of my application’s javascript code to their website (like how some APIs work), Would that help in any way.
Thanks.
same origin policy does not apply when you are armed with the proper knowledge of how modern web browsers work (IE8+ and of course all the other ones are always ahead of IE)
I specifically tackled this problem by using postMessage and iframe for cross browser communication. This technique works in IE8+ and all modern browsers. Also, ensure you are setting your privacy policy in your headers for 3rd party cookie support in IE.
You can see this working live if you go to kitgui.com and try the demo. You can also use this for free.