Name

Document.domain — the security domain of a document

Availability

JavaScript 1.1

Synopsis

                  document.domain

Description

For security reasons, an unsigned script running in one window is not allowed to read properties of another window unless the document in that window was loaded from the same web server as the script. This causes problems for large web sites that use multiple servers. For example, a script on the host www.oreilly.com might want to share properties with a script from the host search.oreilly.com.

The domain property helps to address this problem. Initially, this string property contains the hostname of the web server from which the document was loaded. You can set this property, but only in a very restricted way: it can be set only to a domain suffix of itself. For example, a script loaded from search.oreilly.com could set its own domain property to “oreilly.com”. If a script from www.oreilly.com is running in another window, and it also sets its domain property to “oreilly.com”, these two scripts can share properties, even though they did not originate on the same server.

Note, however, that a script from search.oreilly.com cannot set its domain property to “search.oreilly”. And, more importantly, a script from snoop.spam.com cannot set its domain to “oreilly.com”, which might allow it to determine, for example, which search keywords you use.
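The suffix rule and the requirement that both scripts opt in can be modeled in a few lines. This is an added example, not code from the book or from any browser; makeDocument, setDomain, isAllowedDomainValue and canShareProperties are hypothetical names, and the rejection of a dotless value such as "com" is an assumption that goes beyond the text above.

```javascript
// Model of the rule described above (not browser code): the domain value
// may be changed only to a domain suffix of its current value.
function isAllowedDomainValue(current, proposed) {
  const cur = current.toLowerCase();
  const next = proposed.toLowerCase();
  if (next === cur) return true; // assigning the same value changes nothing
  // Assumption beyond the page: a bare top-level label such as "com" is rejected.
  if (!next.includes(".")) return false;
  // The suffix must start on a label boundary: "oreilly.com" matches
  // "search.oreilly.com", but "reilly.com" and "search.oreilly" do not.
  return cur.endsWith("." + next);
}

// Hypothetical document model: hostname is the server the document was
// loaded from; domain starts out equal to it, as the text describes.
function makeDocument(hostname) {
  return { hostname: hostname, domain: hostname };
}

function setDomain(doc, value) {
  if (!isAllowedDomainValue(doc.domain, value)) {
    throw new Error(doc.hostname + " may not set domain to \"" + value + "\"");
  }
  doc.domain = value.toLowerCase();
}

// Scripts in two documents can share properties only when both domain values match.
function canShareProperties(a, b) {
  return a.domain === b.domain;
}

function demo() {
  const search = makeDocument("search.oreilly.com");
  const www = makeDocument("www.oreilly.com");
  const before = canShareProperties(search, www);   // different hosts
  setDomain(search, "oreilly.com");
  const oneSided = canShareProperties(search, www); // www has not opted in yet
  setDomain(www, "oreilly.com");
  const both = canShareProperties(search, www);     // both set "oreilly.com"

  const snoop = makeDocument("snoop.spam.com");
  let snoopBlocked = false;
  try { setDomain(snoop, "oreilly.com"); } catch (e) { snoopBlocked = true; }
  return { before, oneSided, both, snoopBlocked };
}
```

Because the check is made against the current value, a document that has shortened its domain to "oreilly.com" cannot later set it back to "search.oreilly.com" in this model.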

See Also

Chapter 21
