A script to disable XSS (Same Origin Policy) restrictions
$250-750 CAD
Cerrado
Publicado hace alrededor de 12 años
$250-750 CAD
Pagado a la entrega
All modern browsers are built with a restriction: the Same Origin Policy. This has been set up in order to avoid XSS (Cross-Site Scripting) manipulations. Imagine you have a simple .html file on domain [login to view URL] (YOURS), and this .html page is containing an iframe with src set to another domain, like [login to view URL] (NOT YOURS). From [login to view URL], you will usually be unable to access the DOM of y.com. Example, if instead of [login to view URL] this is [login to view URL], [login to view URL] won't be able to access any ID contained in [login to view URL] DOM. What I wonder now is, if there is ANY imaginable way to do this? I haven't been successful yet in my various trials, and one of my website needs to get the CURRENT src of the iframe. This is very easy to retrieve the src of the iframe since I defined it myself when scripting the iframe, however this is a whole other thing to get the CURRENT url of the iframe (because the user can navigate from link to link in that iframe, and I need to know if he is still on [login to view URL], or has moved out of that domain, so I need to get the CURRENT url of the iframe from a button located on x.com.
Tell me if this is not clear. You can use Flash, Ajax, PhP, Java, .hta, vb, game engines, anything... just keep in mind that I have absolutely no control over the iframe content, except I can define the iframe source url.
Please present me a working proof of concept or demo, else I will not hire you. This is almost an impossible challenge, but the answer to the problem is probably very short.
I have a short budget for such a task (250-750$CAD), but I may find more money if this is working. Just provide me with a solid proof.
We are team of advanced javascript programmer.
Having experience of implementing cross domain origin support in website.
We will also like to make a demo of your project if you wish.