You are here: irt.org | FAQ | JavaScript | Misc | Q329 [ previous next ]
It is perfectly acceptable for you the "user" to see urls, values, pages, source code etc, when you choose to browse using your browser.
It is deemed unacceptable (by Netscape and Microsoft and 100% of people that use the net) for someone else to monitor what you do whilst online.
This is why JavaScript cannot *see* information in a page from another server.
There have been security holes in older browsers that allowed a site that was visited to track where you went after you left that site and then send that information back to themselves.
If they have different domain names, Netscape (only) can request access rights:
<script language="JavaScript"><!-- netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); alert(top.otherframe.document.myForm.myText.value); //--></script>
To make people allow this you would need to sign the script...
If you need to write applications that require additional privileges then Netscape provide "signing" of scripts using certificates that prompt the "user" for permission to do things that a script would otherwise not be allowed to do. There is plenty of information of "signing" available on Netscape's site under the "developer" section.
If both sites have the same domain name: server1.domain.com and server2.domain.com, simply add:
<html> <head> <script language="JavaScript"><!-- document.domain = 'domain.com'; //--></script>
to all pages accessed and page with script accessing other pages. This should work in both Internet Explorer and Netscape.
James D. Albert responds:
The "document.domain" property is broken and therefore unusable in Netscape Navigator 4.03 and Netscape Navigator 4.04 (both Windows and Mac).