cross domain access in iframe from parent to child

Could someone please help开发者_运维百科 me with this- I've 2 applications AAA and BBB. The homepage of AAA contains an iFrame which displays the application BBB. When I login to AAA, the same login details should be used to login to BBB(single signon) and on pageload of the homepage of AAA, homepage of BBB should also be loaded in the iFrame. I tried to use javascript to access the form elements of login page of BBB to enter the login data and submit. But the browser gives me a 'Access is denied' error. I did a little reading and came to know that cross- domain communication is not allowed by the browser. Could someone tell me how I can go about achieving this?

Ok, I just extended my child-to-parent cross-domain library to support parent-to-child communication. It requires that you can communicate from child to parent.

The child-to-parent communication i'm doing uses a cross-domain file hosted by the parent (which i'll call xdParent), which is loaded in an iframe inside the child. This page (xdParent) then calls parent.parent.whateverItWantsTo

So to communicate to a lower iframe, i'm doing this:

1. Child must host its own cross-domain file (I'll call this xdChild)
2. when child iframe loads, it loads the xdParent in an iframe
3. xdParent then registers its window object with the parent (ie parent.parent.someReservedVariable = window;)
4. when parent wants to do something to child, parent uses someReservedVariable to load xdChild inside of xdParent
5. xdChild then does something with the child page (ie parent.parent.doWhateverItWantsTo)

Hope this is understandable. Unfortunately for you, I don't want to spend the time creating a concise example for you, but let me know if you have any questions.

I think my answer here might be helpful.

HTML5 supports messaging but HTML5 only has limited browser support right now.

Don't do that.

It's just not a good idea.

You may be broken when they fix another security vulnerability involving cross-domain iframes.

You can get around the cross-domain restrictions using JSONP. There's a good explanation over here.

I've used JSONP many times to use JavaScript across domains.