0

I am developing a bookmarklet that helps users share images. While authenticating the person, I need to read cookie set by domain: www.xxx.com.

The bookmarklet JavaScript is served by bookmarklet.xxx.com but since this JavaScript is rendered on the website on which bookmarklet is called, it only accessed the cookies of that site and not the ones set by www.xxx.com.

I have researched it and according to some answers at SO, this is a security issue and hence cookies from another domain can't be accessed.

I tried executing my scripts in a hidden iframe rendered by www.xxx.com/iframe/iframe.html and it did accessed the cookies but the problem is this script can't pass the value to my bookmarklet script. And I can't access the Iframe DOM which is another security issue.

Kindly suggest a suitable way so that I may solve this issue.

Talha Masood
  • 993
  • 1
  • 7
  • 22

1 Answers1

1

You can use postMessage to pass information from the iframe back to your page.

Sending the message:

windowReference.postMessage("The user is 'bob' and the password is 'secret'",
              "https://secure.example.net");

Reading the message

window.addEventListener("message", receiveMessage, false);

function receiveMessage(event)
{
  if (event.origin !== "http://example.org:8080")
    return;

  // ...
}
epascarello
  • 204,599
  • 20
  • 195
  • 236
  • Sure let me give it a try. And I'll really send you flowers if it works @epascarello ;) – Talha Masood Feb 06 '14 at 18:35
  • This is good stuff but I think it has some serious compatibility issues with other browsers! – Talha Masood Feb 06 '14 at 18:43
  • Just one last question. Is it possible if I was able to access unique browser hash or some unique finger print. You see my aim is to recognize a computer. If not through cookies, then is there any other way? – Talha Masood Feb 06 '14 at 18:47
  • There are a bunch of libraries out there: https://github.com/Valve/fingerprintjs is one of them. – epascarello Feb 06 '14 at 18:51