I am relatively new in web development and I needed your help with the following.
I am creating a basic website using Django where a user can manage his portfolio. Now I was using this widget from Tradingview.com in this manner.
Now what I wanted to know was if I could somehow store what the user was adding in the watchlist in the database itself and load it when the widget loads next time
Tradingview.com's widget is implemented using an iframe tag on your website, so you want to execute javascript inside the iframe so everytime a user adds to his wishlist you sent an ajax request to your django backend.
but thats not possibles if the widget is from another domain than tradingview.com
Calling a parent JS function from
iframeis possible, but only when both the parent and the page loaded in theiframeare from same domain i.e. abc.com, and both are using same protocol i.e. both are either onhttp://orhttps://.The call will fail in below mentioned cases:
- Parent page and the iframe page are from different domain.
- They are using different protocols, one is on http:// and other is on https://.
Any workaround to this restriction would be extremely insecure.
For instance, imagine I registered the domain superwinningcontest.com and sent out links to people's emails. When they loaded up the main page, I could hide a few
iframes in there and read their Facebook feed, check recent Amazon or PayPal transactions, or--if they used a service that did not implement sufficient security--transfer money out of their accounts. That's why JavaScript is limited to same-domain and same-protocol.
