View Full Version : Lytebox with iFrame Help

05-01-2010, 06:23 PM
Alright so I'm trying to have lytebox work with my website.
The homepage has my blog(hosted on blogspot) within an iframe. I have included the right iframe attributes to the posts in my blog for the pictures, have included the lytebox.js file in my blog's source and included the lytebox.css in my website source(I think the term is parent document?). For some reason, they are not working. I'm kinda stumped right now and have no idea what to do. Lytebox worked before when I had it just on the blogspot platform but since i've incorporated it into my site within an iframe, it hasnt been working.

05-02-2010, 02:44 AM
If I understand you correctly, you are trying to show (using Lytebox's ability to open on the 'top' page) the enlarged Lytebox image on a page from another domain other than that from which the image and/or the original Lytebox script are on.

If I have that right, the answer is no. All modern browsers prohibit (for security reasons) the sort of cross domain scripting that is required to accomplish that.

05-02-2010, 04:43 AM
Aww is that so. That kinda kills my idea... would it be possible for it to work if i had hosted the blog on a subdomain under my website's domain as opposed to blogspot's default?

05-02-2010, 01:53 PM
Possibly. There are sub-domains and there are sub-domains. If the sub-domain of the blog is clearly on the same domain as the main site it will work. Clearly is the keyword here. What is clear to you or I is not always clear to the browser. Off hand I'm not up on what the rules are precisely. Some sub-domains' DNS share nothing in common with the DNS of the parent domain. That type of sub-domain is definitely out, the browser will not see it as the same domain. Others incorporate the DNS of the parent domain in their DNS in various ways. I'm not sure if any of these would work. I've seen two types I can think of, say the parent is:


a sub-domain could be (this type has the best chance at working but I cannot guarantee it):


or it could be:


The second one might work, but I doubt it. It's trickier than you might think. If a child page (one inside an iframe), even one on the same domain tries to communicate via javascript with the parent page and its DNS is different - say one uses the www. prefix and the other doesn't, it will still be a security violation as far as the browser is concerned. This can be avoided by always using relative paths - that way the www. will be there for all or not for any, depending upon how the user got to the first page on the site. But it's easy to allow an absolute path to creep in when coding your site. There are even cases where it might be hard or impossible to avoid. Depending upon where that absolute path is in relation to the page and the iframe page, if it can influence how one but not the other of their DNS's appears in the address bar it could mess things up. Another example is that if one page uses the DNS and the other uses the numerical version, cross page scripting will not be allowed.