3

I have an issue with trying to retrieve an object from an iFrame using postMessage. Essentially, I have an iFrame I am being forced to use to hit a SAML authentication endpoint. The SAML endpoint returns javascript object to the iFrame, which then sends that object to the parent window as part of a parent.postMessage event:

parent.postMessage(authResponse,"*");

In Chrome and newer versions of IE, the parent window event listener snags the object just fine, and we are off and running. However, in IE 9 the iFrame doesn't send the object, it sends a string like "[Object object]".

So of course code that tries to reference object attributes like authResponse.token fail. I have looked at the docs for postMessage and I see how you can detect whether your browser will send an object or a string. I also believe that I can't just look at the contents of the iFrame because it is indeed cross-domain.

I cannot control the contents of the iFrame (have the auth objectsent as a json string, or have the iFrame include some polyfill, etc). So my question is, am I out of options? Can anyone think of a creative hack that might suit?

Thanks!

Community
  • 1
  • 1
tengen
  • 2,125
  • 3
  • 31
  • 57
  • If the code expects that IE8 and 9 will accept an object as a parameter to `postMessage()`, then it's just broken. Those browsers simply won't do that. – Pointy Mar 05 '14 at 17:47
  • @Pointy I believe you are right, and I haven't thought of a way around it. If you would like to post as an answer, I'll accept! Thank you. – tengen Mar 06 '14 at 22:15

1 Answers1

4

Older versions of Internet Explorer that support postMessage() simply don't support object serialization through the interface. Even older versions of Firefox didn't support that, but because independent browsers tend to update themselves aggressively that's not a practical concern.

If you're dealing with code that assumes it can use postMessage() to transmit objects, then it just won't work in IE before IE10.

Pointy
  • 405,095
  • 59
  • 585
  • 614