search
HomeWeb Front-endJS Tutorialjs sets document.domain to achieve cross-domain attention point analysis_javascript skills

The example of this article analyzes the points to note when setting document.domain in js to achieve cross-domain implementation. Share it with everyone for your reference. The specific analysis is as follows:

document.domain
Used to get the domain name of the current web page.
For example, enter in the address bar:

Copy code The code is as follows:
javascript:alert(document.domain); //www.jb51.net

We can also assign a value to the document.domain attribute, but there are restrictions. You can only assign it to the current domain name or the basic domain name.
For example:

Copy code The code is as follows:
javascript:alert(document.domain = "jb51.net"); //jb51 .net
javascript:alert(document.domain = "www.jb51.net"); //www.jb51.net

The above assignments are all successful because www.jb51.net is the current domain name and jb51.net is the basic domain name.

But the following assignment will cause an "invalid parameter" error:

Copy code The code is as follows:
javascript:alert(document.domain = "cctv.net"); //Parameters Invalid
javascript:alert(document.domain = "www.jb51.net"); //Invalid parameter

Because cctv.net and www.jb51.net are not the current domain name nor the base domain name of the current domain name, errors will occur.
This is to prevent someone from maliciously modifying document.domain to steal data across domains.

Use document.domain to achieve cross-domain:

Prerequisite: These two domain names must belong to the same basic domain name! And the protocols and ports used must be consistent, otherwise document.domain cannot be used for cross-domain

Javascript prohibits two or more pages from different domains from interoperating for security reasons.
Pages from the same domain will interoperate without any problems.

For example, in a webpage (a.html) of aaa.com, a webpage (b.html) in bbb.com is introduced using iframe.
At this time, the content in b.html can be seen in a.html, but javascript cannot be used to operate it. Because the two pages belong to different domains, before operating, js will check whether the domains of the two pages are equal. If they are equal, the operation will be allowed. If they are not equal, the operation will be rejected.
It is impossible to change a.html and b.html to the same domain using JS. Because their base domain names are not equal. (If you force JS to change them into equal fields, the same "invalid parameter error" as above will be reported)

So if you introduce another webpage in aaa.com into a.html, there will be no problem because the domains are equal.

There is another situation, two subdomains:

aaa.xxx.com
bbb.xxx.com

A webpage (a.html) in aaa introduces a webpage (b.html) in bbb,
At this time, the content in b.html cannot be manipulated in a.html.
Because the document.domain is different, one is aaa.xxx.com and the other is bbb.xxx.com.

At this time, we can change the domain of the two pages to the same through Javascript,
Need to add in both a.html and b.html:

Copy code The code is as follows:
document.domain = "xxx.com";

This way the two pages can operate with each other. That is to say, "cross-domain" between the same basic domain names is realized.

I hope this article will be helpful to everyone’s JavaScript programming design.

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Building a Multi-Tenant SaaS Application with Next.js (Backend Integration)Building a Multi-Tenant SaaS Application with Next.js (Backend Integration)Apr 11, 2025 am 08:23 AM

I built a functional multi-tenant SaaS application (an EdTech app) with your everyday tech tool and you can do the same. First, what’s a multi-tenant SaaS application? Multi-tenant SaaS applications let you serve multiple customers from a sing

How to Build a Multi-Tenant SaaS Application with Next.js (Frontend Integration)How to Build a Multi-Tenant SaaS Application with Next.js (Frontend Integration)Apr 11, 2025 am 08:22 AM

This article demonstrates frontend integration with a backend secured by Permit, building a functional EdTech SaaS application using Next.js. The frontend fetches user permissions to control UI visibility and ensures API requests adhere to role-base

JavaScript: Exploring the Versatility of a Web LanguageJavaScript: Exploring the Versatility of a Web LanguageApr 11, 2025 am 12:01 AM

JavaScript is the core language of modern web development and is widely used for its diversity and flexibility. 1) Front-end development: build dynamic web pages and single-page applications through DOM operations and modern frameworks (such as React, Vue.js, Angular). 2) Server-side development: Node.js uses a non-blocking I/O model to handle high concurrency and real-time applications. 3) Mobile and desktop application development: cross-platform development is realized through ReactNative and Electron to improve development efficiency.

The Evolution of JavaScript: Current Trends and Future ProspectsThe Evolution of JavaScript: Current Trends and Future ProspectsApr 10, 2025 am 09:33 AM

The latest trends in JavaScript include the rise of TypeScript, the popularity of modern frameworks and libraries, and the application of WebAssembly. Future prospects cover more powerful type systems, the development of server-side JavaScript, the expansion of artificial intelligence and machine learning, and the potential of IoT and edge computing.

Demystifying JavaScript: What It Does and Why It MattersDemystifying JavaScript: What It Does and Why It MattersApr 09, 2025 am 12:07 AM

JavaScript is the cornerstone of modern web development, and its main functions include event-driven programming, dynamic content generation and asynchronous programming. 1) Event-driven programming allows web pages to change dynamically according to user operations. 2) Dynamic content generation allows page content to be adjusted according to conditions. 3) Asynchronous programming ensures that the user interface is not blocked. JavaScript is widely used in web interaction, single-page application and server-side development, greatly improving the flexibility of user experience and cross-platform development.

Is Python or JavaScript better?Is Python or JavaScript better?Apr 06, 2025 am 12:14 AM

Python is more suitable for data science and machine learning, while JavaScript is more suitable for front-end and full-stack development. 1. Python is known for its concise syntax and rich library ecosystem, and is suitable for data analysis and web development. 2. JavaScript is the core of front-end development. Node.js supports server-side programming and is suitable for full-stack development.

How do I install JavaScript?How do I install JavaScript?Apr 05, 2025 am 12:16 AM

JavaScript does not require installation because it is already built into modern browsers. You just need a text editor and a browser to get started. 1) In the browser environment, run it by embedding the HTML file through tags. 2) In the Node.js environment, after downloading and installing Node.js, run the JavaScript file through the command line.

How to send notifications before a task starts in Quartz?How to send notifications before a task starts in Quartz?Apr 04, 2025 pm 09:24 PM

How to send task notifications in Quartz In advance When using the Quartz timer to schedule a task, the execution time of the task is set by the cron expression. Now...

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. How to Fix Audio if You Can't Hear Anyone
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
WWE 2K25: How To Unlock Everything In MyRise
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools