Javascript and server security?

[Peter Johnson]

I have a file that is used by a number of different clients. It is pulled into their website via iframe.

On this file, I have put a script that writes content differently, based on the top or parent document's URL. I am using an if/else statement:

Code:

parent.document.URL.substr(parent.document.URL.lastIndexOf("/"),6).toLowerCase();

However, on 2 of the clients, I am getting nothing - no error message, just a blank where the content should be. I then tried to see if I got anything, just from the following on these clients:

Code:

parent.document.URL
top.document.URL
parent.location.href

Again - everyone returns the URL of the top document, except these 2 clients - on them, it's not undefined, not error - just blank
Is there some kind of server security issue that is causing this not to work? Thanx.

[jscheuer1]

Probably, but even if there isn't, there is obviously a problem in retrieving the information.

This is why, when client identification is required in these types of situations, the client is generally given an identification code, a string like:

pj53742

Then when they call your script, they can either set it earlier on their page:

Code:

<script type="text/javascript">
var pjClientID='pj53742';
</script>

Or as a query portion of the URL calling the script, ex:

Code:

<script type="text/javascript" 
src="http://www.yourdomain.com/scripts/thescript.js?id=pj53742">
</script>

Then if your other routine returns an empty string, you can look for this variable's or this query's value. Or just rely exclusively upon it for identifying which client is using the script. The variable's value may be easily retrieved, as long as it is set on the page prior to the tag for your script. The query's value can also be easily retrieved, but the best method for doing so would depend upon your server, although - if nothing is available to you there, a client side method can be used.

[Peter Johnson]

Thank you - I'll give that a try