一、document.domain + document.cookie
- a.html(http://aaa.demo.com/a.html)
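<!DOCTYPE html>
<html lang="zh">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>a.html (aaa.demo.com): read the cookie written by b.html</title>
</head>
<body>
  <script>
    // Demo page served from aaa.demo.com. It loads b.html (bbb.demo.com) in a
    // hidden frame and then prints the cookies visible to this document.

    // NOTE(review): document.domain does not influence cookie scoping. Whether
    // the cookie written by b.html shows up here depends only on that cookie
    // carrying the attribute `domain=demo.com`; a cookie set without it is
    // host-only for bbb.demo.com and never appears in this document.cookie.
    // The setter is also deprecated, and current Chromium-based browsers ignore
    // the assignment unless the page is served with `Origin-Agent-Cluster: ?0`.
    // Once both pages relax their origin, every document under demo.com that
    // does the same gets full script access to this page.
    document.domain = 'demo.com';

    // The frame is created from script so the load listener is attached before
    // navigation starts. Reading document.cookie right away, as a bare inline
    // script would, can run before b.html has written anything.
    var writerFrame = document.createElement('iframe');
    writerFrame.title = 'Cookie writer (bbb.demo.com/b.html)';
    writerFrame.hidden = true; // same effect as the former style="display: none;"
    writerFrame.addEventListener('load', function () {
      // Only cookies that are not HttpOnly are exposed to script.
      console.log(document.cookie);
    });
    writerFrame.src = 'http://bbb.demo.com/b.html';
    document.body.appendChild(writerFrame);
  </script>
</body>
</html>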
- b.html(http://bbb.demo.com/b.html)
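<!DOCTYPE html>
<html lang="zh">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>b.html (bbb.demo.com): write the shared cookie</title>
</head>
<body>
  <script>
    // Demo page served from bbb.demo.com. It writes a cookie that the parent
    // page on aaa.demo.com is expected to read.

    // NOTE(review): kept because the section is about document.domain, but it
    // has no effect on cookies. The setter is deprecated and relaxes the
    // same-origin boundary towards every other demo.com subdomain that opts in.
    document.domain = 'demo.com';

    // Without a Domain attribute the cookie is host-only (bbb.demo.com) and
    // aaa.demo.com never sees it. `domain=demo.com` is what actually shares it.
    // Consequence to keep in mind: the cookie is then sent to, and readable and
    // overwritable by, every subdomain of demo.com, so it must not carry
    // session identifiers or other secrets. The pages are served over http, so
    // the value also travels in clear text.
    document.cookie = 'foo=bar; domain=demo.com; path=/';
  </script>
</body>
</html>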
二、document.domain + window.parent
- a.html(http://aaa.demo.com/a.html)
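<!DOCTYPE html>
<html lang="zh">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>a.html (aaa.demo.com): receive data from b.html</title>
</head>
<body>
  <!-- The script comes before the frame so that callback() is guaranteed to
       exist, and document.domain to be set, before b.html starts running. -->
  <script>
    // Demo page served from aaa.demo.com. The child frame on bbb.demo.com
    // reaches into this window and calls callback() directly.

    // NOTE(review): both pages must set the same document.domain for the child
    // to be allowed to touch this window. The setter is deprecated; current
    // Chromium-based browsers ignore it unless the page is served with
    // `Origin-Agent-Cluster: ?0`. While it is honoured, any document under
    // demo.com that sets the same value gets full DOM and script access to this
    // page, not just the ability to call callback(). window.postMessage with an
    // origin check on the receiving side is the supported replacement.
    document.domain = 'demo.com';

    /**
     * Receives a value handed over by the child frame.
     * The value originates in another document: treat it as untrusted data.
     * It is only logged here; do not insert it into the page as HTML.
     *
     * @param {*} retval value passed by the caller
     */
    function callback(retval) {
      console.log(retval);
    }
  </script>
  <iframe src="http://bbb.demo.com/b.html" title="Data source (bbb.demo.com/b.html)"></iframe>
</body>
</html>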
- b.html(http://bbb.demo.com/b.html)
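<!DOCTYPE html>
<html lang="zh">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>b.html (bbb.demo.com): pass data to the parent page</title>
</head>
<body>
  <script>
    // Demo page served from bbb.demo.com, meant to be framed by a.html on
    // aaa.demo.com. It hands a value to the parent by calling a function
    // defined there.

    // NOTE(review): must match the value set by the parent. The setter is
    // deprecated and, while honoured, lets every demo.com subdomain that sets
    // the same value script this document. window.parent.postMessage with an
    // explicit target origin is the supported way to pass data upwards.
    document.domain = 'demo.com';

    var data = 'Hello World!';

    try {
      // Skip the call when the page is opened on its own (parent is the window
      // itself) or when the parent does not define callback().
      if (window.parent !== window && typeof window.parent.callback === 'function') {
        window.parent.callback(data);
      }
    } catch (err) {
      // Touching window.parent.callback throws a SecurityError when the
      // browser did not honour document.domain and the two frames are still
      // cross-origin.
      console.error('parent window is not accessible from this frame', err);
    }
  </script>
</body>
</html>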