I am working on a project that involves hosting a webpage in a iframe, while the hosting parent iframe is in a HTML file on local disk, say on c:\; while the inner hosted iframe is on some server. The two webpages need to do postmessage to each other.

There is no problem for the parent iframe (on local disk) to postmessage to the inner frame, since it knows the domain of the inner iframe;

But when the inner iframe need to postmessage back to the parent iframe, it need to provide the domain of the parent iframe which is on local disk.

I tried the following in the inner HTML to postmessage to its parent IFrame, which is on local disk:

*var messageToSend = {
                        jsonrpc: "2.0",
                        result: [result]
                    };
window.parent.postMessage(JSON.stringify(messageToSend), "file://");*

// window.parent IFrame is a HTML file that is on Local disk

But when I try using "file:" as the domain in postmessage back to the parent iframe, I am getting a "Invalid argument" error.

Can some one help? What should the domain of "local disk html" be? Any hints will be highly appreciated.

Cheers

I am working on a project that involves hosting a webpage in a iframe, while the hosting parent iframe is in a HTML file on local disk, say on c:\; while the inner hosted iframe is on some server. The two webpages need to do postmessage to each other.

There is no problem for the parent iframe (on local disk) to postmessage to the inner frame, since it knows the domain of the inner iframe;

But when the inner iframe need to postmessage back to the parent iframe, it need to provide the domain of the parent iframe which is on local disk.

I tried the following in the inner HTML to postmessage to its parent IFrame, which is on local disk:

*var messageToSend = {
                        jsonrpc: "2.0",
                        result: [result]
                    };
window.parent.postMessage(JSON.stringify(messageToSend), "file://");*

// window.parent IFrame is a HTML file that is on Local disk

But when I try using "file:" as the domain in postmessage back to the parent iframe, I am getting a "Invalid argument" error.

Can some one help? What should the domain of "local disk html" be? Any hints will be highly appreciated.

Cheers

• javascript
• file
• local
• postmessage

• coz isn't a word. If you want to be taken seriously, be serious. – Diodeus - James MacFarlane Commented Mar 28, 2011 at 23:56
• having some code might help... – DashK Commented Mar 29, 2011 at 0:42

1 Answer 1

I don't know how to specify "file", I'm guessing there is no way because it doesn't make much sense. The purpose of the origin is to prevent others (presumably malicious) pages from seeing your message, but if the origin is just any file on the hard disk, anyone could see it by creating an html file with a frame and loading your web page from your server. So specifying "file" (even if there were a way) is no more secure than specifying " * ", so just use " * " and save yourself the headache.