Document.domain |
the security domain of a
document |
Availability
JavaScript 1.1
Synopsis
document.domain
Description
For security
reasons, an unsigned script running in one window is not allowed to
read properties of another window unless that window comes from the
same web server as the host. This causes problems for large web sites
that use multiple servers. For example, a script on the host
www.oreilly.com might want to
share properties with a script from the host search.oreilly.com.
The domain property helps to address this problem.
Initially, this string property contains the hostname of the web
server from which the document was loaded. You can set this property,
but only in a very restricted way: it can be set only to a domain
suffix of itself. For example, a script loaded from search.oreilly.com could set its own
domain property to "oreilly.com". If a
script from www.oreilly.com is
running in another window, and it also sets its
domain property to "oreilly.com",
these two scripts can share properties, even though they did not
originate on the same server.
Note, however, that a script from search.oreilly.com cannot set its
domain property to "search.oreilly".
And, more importantly, a script from snoop.spam.com cannot set its
domain to "oreilly.com", which might
allow it to determine, for example, which search keywords you use.
See Also
Chapter 21
|