easyXSS

Please see easyXDM for updated info!

I’ve just completed the first version of my cross-site scripting library easyXSS. It is available at http://code.google.com/p/easyxss/ under a MIT-license.

As it is now it supports simple messaging between windows of different domains, but it also supports proxying method calls and results between them making it well-suited for creating API’s.

I’ve prepared several examples and demo’s at http://code.google.com/p/easyxss/ and look forward to getting feedback!

To show you a quick example, here is the code needed to have a method ‘doMagic’ that is located on domainA available in a window from domainB.

This is placed in the document api.html at domainA

var channel = easyXSS.createChannel({
onReady: function(){
remote = easyXSS.createInterface(channel, {
local: {
doMagic: _privateMethodDoingMagic
}
});
}
});

and this is placed in the document at domainB

var remote;
var channel = easyXSS.createChannel({
local: "/hash.html",
remote: "http://domaina.com/api.html",
onReady: function(){
remote = easyXSS.createInterface(channel, {
remote: {
doMagic: {}
}
});
}
});

The medhod doMagic can now be called from domainB using

remote.doMagic('argument1',2,'three',function(result){
// Consume the result
});

Tags: , , , ,

This entry was posted on Wednesday, June 24th, 2009 at 18:39 and is filed under easyXDM, programming, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  • Take a look at this:
    http://neil.fraser.name/news/2009/07/27/

    Might be relevant to you for easyXSS

  • Take a look at this:
    http://neil.fraser.name/news/2009/07/27/

    Might be relevant to you for easyXSS

  • The library does not use JSONP, but thanks anyway 🙂
    Btw, I am already aware of this issue.

  • The library does not use JSONP, but thanks anyway 🙂
    Btw, I am already aware of this issue.

  • Haha:
    “Btw, I am already aware of this is issue.” comes off pretty strangely.
    Anyway, best of luck.

  • Haha:
    “Btw, I am already aware of this is issue.” comes off pretty strangely.
    Anyway, best of luck.

  • Not quite following you there, what I ment was that I know about the issue with JSONP – I was not trying to be rude in any way 🙂

  • Not quite following you there, what I ment was that I know about the issue with JSONP – I was not trying to be rude in any way 🙂

  • ebeworld

    Hi there, I am trying to let iframe and its container to communicate and it doesn’t work quite as expected. Would you provide an example?

  • ebeworld

    Hi there, I am trying to let iframe and its container to communicate and it doesn’t work quite as expected. Would you provide an example?

  • The project recently changed its name to easyXDM (to avoid the whole XSS thing) and has gone through a few revisions, its currently at 1.5.
    You can find an extensive documentation and several examples showcasing container/iframe communication at http://easyxdm.net/docs. Hope this helps!

  • The project recently changed its name to easyXDM (to avoid the whole XSS thing) and has gone through a few revisions, its currently at 1.5.
    You can find an extensive documentation and several examples showcasing container/iframe communication at http://easyxdm.net/docs. Hope this helps!