Name
Document.domain — the security domain of a document
Availability
JavaScript 1.1
Synopsis
document
.domain
Description
For security
reasons, an unsigned script running in one window is not allowed to
read properties of another window unless that window comes from the
same web server as the host. This causes problems for large web sites
that use multiple servers. For example, a script on the host
www.oreilly.com
might want to
share properties with a script from the host search.oreilly.com.
The domain
property helps to address this problem.
Initially, this string property contains the hostname of the web
server from which the document was loaded. You can set this property,
but only in a very restricted way: it can be set only to a domain
suffix of itself. For example, a script loaded from search.oreilly.com could set its own
domain
property to “oreilly.com”. If a
script from www.oreilly.com
is
running in another window, and it also sets its
domain
property to “oreilly.com”,
these two scripts can share properties, even though they did not
originate on the same server.
Note, however, that a script from search.oreilly.com cannot set its
domain
property to “search.oreilly”.
And, more importantly, a script from snoop.spam.com cannot set its
domain
to “oreilly.com”, which might
allow it to determine, for example, which search keywords you use.
See Also
Get JavaScript: The Definitive Guide, Fourth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.