hwg-languages archives Jun 2000 new search results previous next

Re: frame security

by "Cyanide _7" <leo7278(at)hotmail.com>

 Date:  Thu, 01 Jun 2000 18:36:37 CDT
 To:  jade(at)edoc.com,
parm(at)erols.com
 Cc:  hwg-languages(at)hwg.org
  todo: View Thread, Original 
>There is some built in javascript security that prevents you from accessing
>information about windows (and frames not  within your domain and port
>number for that matter).

not exactlly. you are not allowed to access the *document* of a page not 
within your domain (and apparently port). certain window properties that are 
merely shortcuts for values in the document are also restricted. values like 
the location.href return blank (at least these dont error).

>This to prevent nefarious types from fooling
>unsuspecting users into dealing their passwords and such out to other 
>sites.
>
>I think there's a way to query the user for permision to do this but its
>probably not worth the effort.

yes, netscape can ask for priveledges from the priveledgeManager, but im not 
sure IE can... in any case, if your trying to store and access hidden values 
between pages/domains, try storing them in the window object as properties. 
they can be read form other domains. - Cyanide_7

>
>
>At 11:30 -0500 6/1/00, James Pasmantier wrote:
> >I have a frameset with a top and bottom frame.  Normally
> >accessing Javascript or hidden variables between frames
> >works fine.  I'm using:
> >
> >parent.frameName.document.formName.elementName.value
> >or
> >parent.frameName.jsValue
> >
> >However, moving forward we plan to have certain pages in the
> >bottom frame loading from remote servers .  In early tests
> >I've had difficulty accessing values in the top frame from
> >the bottom frame of pages loaded from remote servers.  The
> >error in IE 5 that I get is "Access is denied".
> >
> >I'm assuming this is a security issue, which makes complete
> >sense, but I was wondering if anyone can suggest a mistake
> >on my part I could look for, or another method to have
> >access to these aforementioned values.
> >
> >Thanks,
> >
> >    james
>
>-----------------------
>    Jeff Adelsberger
>  Production Specialist
>    Dynamic Diagrams
>          Baltimore
>phone:     410.694.4149
>email:    jade(at)edoc.com
>-----------------------

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA