I agree, but I think I'm not making my point clearly. I believe the following approach to sending Jmol script is legal and harmless. Note the branch. Same domain goes via a legal DOM route. Different domain, including desktop double click run goes via legal reload of the frame with Jmol script I the query string. You are allowed to change the URL of a page frame. 

I'm in Atlanta making my way north. Code below...

$("#clk1").click(function () {
var echo = "Do you believe this guy?|He wants to show me off|and he picks ethane!;select hydrogen;color red;delay 1;color yellow"
if (window.location.href.toLowerCase().indexOf(site) < 0) {
$("#vmk2").attr("src",url + "ethane.txt&echo=" + encEcho(echo));
else {
$('#vmk2')[0].contentWindow.introEcho = echo;

Otis Rothenberger

On Jul 31, 2014, at 11:12 PM, Robert Hanson <> wrote:

On Wed, Jul 30, 2014 at 9:05 AM, Otis Rothenberger <> wrote:
By the way, if I'm correct on cross browser legality of this approach, then there is a legal way to manipulate the model with cross frame commands in spite of the fact that frame and page are cross domain.

Pretty sure cross-domain access to DOM of different hosts across an iFrame boundary was the very first thing that was disallowed, long before AJAX. If you could do that, you could capture anyone's credit card information just by embedding a real bank page within an iFrame on your page.


Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
Jmol-users mailing list