Show TOC Start of Content Area

Background documentation JavaScript Origin Policy  Locate the document in its SAP Library structure

The JavaScript Origin Policy controls the access to the Document Object Model (DOM) from different frames. Scripting between two frames is permitted only if both frame sources come from the same top level domain.

All browsers support the JavaScript Origin Policy, so foreign web sites are unable to retrieve data from the portal page or the iViews.

An similar origin policy also applies for the Java Virtual Machine (JVM). Classes/objects can only interact with classes/objects which are loaded from the same location. Therefore it is impossible for a foreign applet to access the data inside the Client Data Bag or use the Client Data Channel.

For more information see Microsoft documentation at internet address msdn.microsoft.com/library/default.asp?url=/workshop/author/om/xframe_scripting_security.asp
and modzilla documentation at internet adress
www.mozilla.org/projects/security/components/same-origin.html

 

End of Content Area