Friday, September 22nd, 2006
The Dojo and Windows Live Platform teams have both recently released DHTML hacks that allow two iframes in different domains to communicate, bypassing the notorious same-domain policy implemented in browsers. I’m surprised by the relative lack of response in the AJAX blogosphere, as this opens lots of possibilities for mashups.
The hack relies on dynamically created iframes, using the fragment identifier to leak/communicate information to the other domain and timers to check for iframe changes.
For example, if you have page A containing an iframe B in a different domain, then B can create a new iframe and load it with a url in the same domain as A.
The url that is loaded doesn’t generate a request to the server if it is properly cached and only the fragment identifier is used to pass changing information. Page A can now get the DOM handle on the new iframe and successfully retrieve the information transmitted in the url by B.
Julien finishes up with a question to the community: “Now, the question is what cool applications will you build with this new cross-domain capability?”