Section 25.151. HTMLDocument.domain: the security domain of a document
25.151. HTMLDocument.domain: the security domain of a documentDOM Level 025.151.1. SynopsisString domain 25.151.2. DescriptionAccording to the DOM Level 2 HTML standard, the domain property is simply a read-only string that contains the hostname of the web server from which the document was loaded. This property has another important use (although this use has not been standardized). The same-origin security policy (described in Section 13.8.2) prevents a script in one document from reading the content of another document (such as a document displayed in an <iframe>) unless the two documents have the same origin (i.e., were retrieved from the same web server). This can cause problems for large web sites that use multiple servers. For example, a script on the host www.oreilly.com might want to read the content of documents from the host search.oreilly.com. The domain property helps to address this problem. You can set this property but only in a very restricted way: it can be set only to a domain suffix of itself. For example, a script loaded from search.oreilly.com could set its own domain property to "oreilly.com". If a script from www.oreilly.com is running in another window, and it also sets its domain property to "oreilly.com", then each script can read content from the other script's document, even though they did not originate on the same server. Note, that a script from search.oreilly.com cannot set its domain property to "search.oreilly" or to ".com". 25.151.3. See AlsoSection 13.8.2, "The Same-Origin Policy" |
EAN: 2147483647
Pages: 767