Document.domain implementation of JS cross-domain

Https://www.cnblogs.com/fsjohnhuang/archive/2011/12/07/2279554.html

Document.domain

The domain name used to get the current page.
For example, in the Address bar, enter:

Javascript:alert (Document.domain); Www.forjj.com

We can also assign a value to the Document.domain property, but there are limits, you can only assign the current domain name or the base domain name.
Like what:
Javascript:alert (document.domain = "forjj.com"); Forjj.com
Javascript:alert (document.domain = "www.forjj.com"); Www.forjj.com

The above assignment is successful because www.forjj.com is the current domain name, and forjj.com is the base domain.

However, the following assignment will come up with an "invalid parameter" error:
Javascript:alert (document.domain = "cctv.net"); Invalid parameter
Javascript:alert (document.domain = "ttt.forjj.com"); Invalid parameter

Because Cctv.net and ttt.forjj.com are not the current domain name and are not the base domain of the current domain name, there will be errors.
This is to prevent malicious modification of document.domain to achieve cross-domain data theft.


cross-domain implementation with Document.domain:
Prerequisites: These two domain names must belong to the same base domain name! And the protocol used, the port must be consistent, or you can not use Document.domain cross-domain

JavaScript prohibits two or more pages of different domains from interacting with one another for security reasons.
Pages in the same domain do not have any problems when working with each other.

For example, a Web page in aaa.com (a.html) uses an IFRAME to introduce a Web page (b.html) in a bbb.com.
You can see the contents of b.html in a.html, but you can't use JavaScript to manipulate it. Because these two pages belong to a different domain, before the operation, JS will detect two pages of the domain is equal, if it is equal, allow its operation, if not equal, will reject the operation.
It is impossible to change a.html and b.html using JS to the same domain. Because their underlying domain names are not equal. (forcing JS to change them to equal fields will be reported with the same "parameter invalid error.") "）

So if you introduce another page in the aaa.com in a.html, there is no problem because the domain is equal.

In another case, two subdomains:
Aaa.xxx.com
Bbb.xxx.com

One of the pages in AAA (a.html) introduced a Web page in BBB (b.html),
At this time a.html also can not manipulate the contents of b.html inside.
Because Document.domain is not the same, one is aaa.xxx.com and the other is bbb.xxx.com.

At this point, we can change the domain of two pages into the same JavaScript,
Need to join in a.html and b.html:

Document.domain = "xxx.com";
This way the two pages will be able to manipulate each other. That is, the "cross-domain" between the same base domain is implemented.

Document.domain implementation of JS cross-domain