Entering content frame

Object documentation JavaScript Origin Policy Locate the document in its SAP Library structure

The JavaScript Origin Policy controls the access to the Document Object Model (DOM) from different frames. Scripting between two frames is permitted only if both frame sources come from the same top level domain.

Example

Frame 1

Frame 2

Scripting permitted

site1.page2.mydomain.com

site2.page3.mydomain.com

Yes

site1.mydomain.com

site2.yourdomain.com

No

The EPCF service automatically sets the document domains to top level.

All browsers support the JavaScript Origin Policy, so foreign web sites are unable to retrieve data from the Portal page or the iViews.

An similar origin policy also applies for the Java Virtual Machine (JVM). Classes/objects can only interact with classes/objects which are loaded from the same location. Therefore it is impossible for a foreign applet to access the data inside the Client Data Bag or use the Client Data Channel.

Leaving content frame