Menu
▾
▴
dynapi-help
|
From: Raymond I. <xw...@ya...> - 2002-12-15 17:54:54
|
Hello,
I'm getting an Permission or Acess Denied error in IE
whenever I try to acess the document object of an
IFRAME who's location was set to load a page from a
different domain.
Is there a solution to this problem?
Here's a sample page that generates the error in IE:
<html>
<head>
<title>IFRAME cross-domain test</title>
<script language="Javascript">
function init(){
var fr=window.frames["ifrm"];
fr.location.href="http://some-other-domain/index.html";
window.setTimeout("testDoc()",2000);
}
function testDoc(){
var fr=window.frames["ifrm"];
// If I try to access the document object or the
location object
// I get a Permission or Access denied error
var doc=fr.document;
alert(doc);
}
</script>
</head>
<body onload="init()">
<iframe name="ifrm" src=""></iframe>
</body>
</html>
--
Raymond Irving
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
|
|
From: <ts...@ep...> - 2002-12-16 00:21:45
|
I think you'd have to find a very old browser version to make this script
work ;-)
You're right, this is as permission problem - and I don't think there is a
solution to it. If there was you'd be able to a sneaky "sniffer"-script
which could report sensitive informatioin back to whoever wrote the
script...
But if someone does know how to solve the cross-frames problems, I'd also
like to hear it!
Regards,
Thomas Søndergaard
www.alternativ.dk
----- Original Message -----
From: "Raymond Irving" <xw...@ya...>
To: <dyn...@li...>; <dyn...@li...>
Sent: Sunday, December 15, 2002 6:54 PM
Subject: [Dynapi-Help] IFRAME cross-domain security permissions
> Hello,
>
> I'm getting an Permission or Acess Denied error in IE
> whenever I try to acess the document object of an
> IFRAME who's location was set to load a page from a
> different domain.
>
> Is there a solution to this problem?
>
> Here's a sample page that generates the error in IE:
>
> <html>
> <head>
> <title>IFRAME cross-domain test</title>
> <script language="Javascript">
> function init(){
> var fr=window.frames["ifrm"];
>
> fr.location.href="http://some-other-domain/index.html";
> window.setTimeout("testDoc()",2000);
> }
>
> function testDoc(){
> var fr=window.frames["ifrm"];
> // If I try to access the document object or the
> location object
> // I get a Permission or Access denied error
> var doc=fr.document;
> alert(doc);
> }
> </script>
> </head>
> <body onload="init()">
> <iframe name="ifrm" src=""></iframe>
> </body>
> </html>
>
>
> --
> Raymond Irving
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
|
|
From: Doug M. <do...@cr...> - 2002-12-16 02:21:13
|
Actually, the last product I worked on had fraems all over the place. To make things jive, we simply added document.domain = "www.netpcs.com" at the top of each frame. This will fool most versions of IE into thinking that both documents are indeed from the same domain. I do not know of that still will work for the newest browsers. ----- Original Message ----- From: "Raymond Irving" <xw...@ya...> To: <dyn...@li...>; <dyn...@li...> Sent: Sunday, December 15, 2002 9:54 AM Subject: [Dynapi-Dev] IFRAME cross-domain security permissions > Hello, > > I'm getting an Permission or Acess Denied error in IE > whenever I try to acess the document object of an > IFRAME who's location was set to load a page from a > different domain. > > Is there a solution to this problem? > > Here's a sample page that generates the error in IE: > > <html> > <head> > <title>IFRAME cross-domain test</title> > <script language="Javascript"> > function init(){ > var fr=window.frames["ifrm"]; > > fr.location.href="http://some-other-domain/index.html"; > window.setTimeout("testDoc()",2000); > } > > function testDoc(){ > var fr=window.frames["ifrm"]; > // If I try to access the document object or the > location object > // I get a Permission or Access denied error > var doc=fr.document; > alert(doc); > } > </script> > </head> > <body onload="init()"> > <iframe name="ifrm" src=""></iframe> > </body> > </html> > > > -- > Raymond Irving > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > > ------------------------------------------------------- > This sf.net email is sponsored by: > With Great Power, Comes Great Responsibility > Learn to use your power at OSDN's High Performance Computing Channel > http://hpc.devchannel.org/ > _______________________________________________ > Dynapi-Dev mailing list > Dyn...@li... > http://www.mail-archive.com/dyn...@li.../ > > |
|
From: Robin B. <ro...@re...> - 2002-12-16 11:05:43
|
In article <200...@we...>, Raymond Irving <xw...@ya...> writes >Hello, > >I'm getting an Permission or Acess Denied error in IE >whenever I try to acess the document object of an >IFRAME who's location was set to load a page from a >different domain. > .....isn't this intended as part of a fix for cross-scripting vulnerabilities? -- Robin Becker |
|
From: Raymond I. <xw...@ya...> - 2002-12-16 14:16:36
|
Yes, I've found out that it a security feature :( I've been playing with SODA-RPC and was trying some cross-domain script to try and load dynapi soda-rpc web services from a different domain. But as it turned out this can't be done in asynchronous mode, but got it to work in synchronous mode! :) This means that a user can have an alarm clock web service at www.somewhere.com and you can sync your web page time from www.anywhere.com with the alarm clock servcice. Thanks alot for you feedback. -- Raymond Irving --- Robin Becker <ro...@re...> wrote: > In article > <200...@we...>, > Raymond > Irving <xw...@ya...> writes > >Hello, > > > >I'm getting an Permission or Acess Denied error in > IE > >whenever I try to acess the document object of an > >IFRAME who's location was set to load a page from a > >different domain. > > > .....isn't this intended as part of a fix for > cross-scripting > vulnerabilities? > -- > Robin Becker > > > ------------------------------------------------------- > This sf.net email is sponsored by: > With Great Power, Comes Great Responsibility > Learn to use your power at OSDN's High Performance > Computing Channel > http://hpc.devchannel.org/ > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X