1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cross Domain Submit

Discussion in 'HTML & JavaScript' started by jmm223, Feb 5, 2009.

  1. jmm223

    jmm223 Registered Member

    Joined:
    Apr 10, 2007
    Messages:
    79
    Likes Received:
    25
    Ok, I have been searching for this for at least a week, and have been driving myself crazy trying tons of code snippets, etc...
    I believe it is possible, so I was hoping someone could point me in a good direction, or tell me that it doesn't exist. ;)

    Hypothetically, say I am iframing a zip submit offer (just the form part) and I want to make something happen once they have submitted the form. (i.e. break out of the frame, and reveal the actual submit destination)

    When dealing with a cross-domain situation, How do I either:
    A) put a button on my page that submits the iframed form.
    or
    B) detect when the iframed form has been submitted.
    or
    C) maybe there is some method that I haven't thought of?

    Any help is greatly appreciated. :)
     
  2. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    1,001
    Well I've never done this myself but I think that this would be possible with the 'on submit' event, which occurs when the submit button is clicked.

    Code:
    <form name="zipform" action="whateverscript" 
    onsubmit="window.location='http://www.example.com/'">
    Just a thought. I haven't tested that. GL.
     
  3. jmm223

    jmm223 Registered Member

    Joined:
    Apr 10, 2007
    Messages:
    79
    Likes Received:
    25
    Thanks Grizzy, however that isn't what I am looking for.

    I need to submit a form that is on an external site, or at least check to see when it is submited.
     
  4. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    1,001
    Ok sorry, I see what your getting at here. So basically you are asking if it is possible for to detect activity in an iframe that
    references a foriegn domain? No, I don't think it is possible, this would be a big security hole and is a no no for browsers. If you were able to do this, you would be moving into the realm of blakhat browser hacking (or cross-site scripting!). I could be wrong about this tho...
     
  5. jmm223

    jmm223 Registered Member

    Joined:
    Apr 10, 2007
    Messages:
    79
    Likes Received:
    25
    Yes, now you understand.

    I am beginning to think it isn't possible as well...except I keep seeing people that claim they are doing it, and that it IS possible. But they won't talk about how of course. :(
     
  6. WickednDivine

    WickednDivine Regular Member

    Joined:
    Jul 29, 2008
    Messages:
    471
    Likes Received:
    345
    this would be considered XSS, I dont think it's "supposed" to be possible, but you might be able to find some workarounds. google "XSS form submit" or something
     
  7. blazed

    blazed Junior Member

    Joined:
    Aug 15, 2008
    Messages:
    178
    Likes Received:
    119
    browsers prevent this from happening, if you are able to do what you are trying to do then you have effectively found a security hole in the browser you are using...
     
  8. jmm223

    jmm223 Registered Member

    Joined:
    Apr 10, 2007
    Messages:
    79
    Likes Received:
    25
    Wow...there is some interesting stuff involved in XSS...mostly involving stealing info.

    I thought I was on to something, but again...no luck.

    But again, I am not trying to steal any data, or even send fake info to the form...I just want to click the button on the iframed page. (or know when the user clicked the button)
     
  9. cyklotrial

    cyklotrial Regular Member

    Joined:
    Oct 13, 2008
    Messages:
    248
    Likes Received:
    82
    Location:
    Wonderland
    Try this:
    HTML:
    <script type="text/javascript">
    var buttonclick = true;
    </script>
    
    <iframe src="http://google.com" onload='if (!buttonclick) { alert("WOW") } else { buttonclick = false; }'></iframe>
    When the page in the frame will change (somebody will send the zip form) you will see allert.
    There is a method to intercept data which somebody will write down in form in the iframe - But it isn't perfect method.

    Ps. You can hide this JS code in jquery file and almost nobody will see it :D

    Regards
     
    • Thanks Thanks x 1
  10. blazed

    blazed Junior Member

    Joined:
    Aug 15, 2008
    Messages:
    178
    Likes Received:
    119
    I think it might also be possible to do something crafty if you have your AM place a tracking pixel for you on the conversion page...
     
  11. jmm223

    jmm223 Registered Member

    Joined:
    Apr 10, 2007
    Messages:
    79
    Likes Received:
    25
    Cyk...that is EXACTLY what I needed.
    I think I love you. ;)
     
  12. cyklotrial

    cyklotrial Regular Member

    Joined:
    Oct 13, 2008
    Messages:
    248
    Likes Received:
    82
    Location:
    Wonderland
    blazed what do you mind?
     
  13. blazed

    blazed Junior Member

    Joined:
    Aug 15, 2008
    Messages:
    178
    Likes Received:
    119
    Lots of advertisers & affiliates like to use tracking pixels to keep track of conversions. A tracking pixel is a 1x1 img or iframe hosted on the advertiser's tracking server. So it looks invisible, but every time it's displayed an advertiser sees that request and knows they made a sale.

    Potential for evil is here: Lets say you get your AM to agree to let you use your own tracking pixel on the page after the conversion. You would then have pretty much circumvented the cross domain restrictions...
     
  14. 195471

    195471 Regular Member

    Joined:
    Oct 11, 2008
    Messages:
    417
    Likes Received:
    261
    It's possible, but the workarounds that I've seen all involve modifying some code on the external domain, which you wouldn't have access to unless you either owned it or had the cooperation of the other webmaster.