Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > preventing Access/Permission Denied errors

Reply
Thread Tools

preventing Access/Permission Denied errors

 
 
Nick
Guest
Posts: n/a
 
      05-07-2004
OK Guys and Gals,

I've got a script that does some work with the document object in
another frame.

This works fine until the other frame contains a document on another
domain. This of course produces a permission error.

I don't actually want to do anything with the document if the page is
on a different domain BUT I do want to detect this situation before it
occurs, and then allow my script to terminate peacefully instead of
producing an error.

How can I do this?

I suppose I could use IE's try and catch, but that means I'll still
have problems on other browsers.

All suggestions gratefully received.

Cheers

N
 
Reply With Quote
 
 
 
 
Ron
Guest
Posts: n/a
 
      05-07-2004
Nick wrote:

>[snip]
>
>I suppose I could use IE's try and catch, but that means I'll still
>have problems on other browsers.
>
>

try{...} catch{...} isn't IE, it's ECMAScript 3
<http://www.ecma-international.org/publications/standards/Stnindex.htm>,
which Javascript 1.5 is an implementation of. I've used try{...}
catch{...} on Mozilla and Firefox with no problems.
 
Reply With Quote
 
 
 
 
Richard Cornford
Guest
Posts: n/a
 
      05-07-2004
Nick wrote:
<snip>
> I don't actually want to do anything with the document if the page is
> on a different domain BUT I do want to detect this situation before it
> occurs, and then allow my script to terminate peacefully instead of
> producing an error.
>
> How can I do this?
>
> I suppose I could use IE's try and catch, but that means I'll still
> have problems on other browsers.

<snip>

They aren't IE's try-catch, they are specified in ECMA 262 3rd edition,
and implemented in JavaScript 1.4+, but they do represent a syntax error
in all earlier versions so are generally best avoided in cross-browser
scripting (at least for another couple of years).

You cannot determine that a document in the other frame is from a
different domain because of the security restrictions, as you have
discovered. But you don't really need to as all you actually need to
know is whether the page in the other frame is from your domain, and
thus safe to interact with. Your own pages are in a position to report
their presence to the frameset.

So, for example, you could have each of your own pages set a variable in
the frameset to true from it's onload event, and then re-set that
variable to false in its onunload event. You would then know that it was
safe to interact with the other frame whenever the variable was set to
true and unsafe whenever it was false.

Richard.


 
Reply With Quote
 
Cindy Lee
Guest
Posts: n/a
 
      05-07-2004
How can I add a safe domain? I get an access error when doing this
document.all("dynamicFrame"); //my iframe



function iframeResize() {
var oBody = dynamicFrame.document.body;
var oFrame = document.all("dynamicFrame");
oFrame.style.height = oBody.scrollHeight
+oBody.offsetHeight-oBody.clientHeight;

//This is the alert call that miraculously makes this function
alert(caller +" oFrame.style.height = " +oFrame.style.height);
}

//Description:Initializes the page by creating the scroll objects
//setting browser specific information
function InitializePage(){
//d_bw.ns4||d_bw.ns5?"":iframeResize();
setTimeout("iframeResize()",2000);
//iframeResize();
}


<IFRAME APPLICATION="yes" style="width:100%;" ID="dynamicFrame"
NAME="dynamicFrame" frameborder="no" scrolling="no"
SRC="https://mydomain.com/page.jsp"> Sorry, you need inline frames to fully
see this page. </IFRAME>





"Richard Cornford" <(E-Mail Removed)> wrote in message
news:c7grmj$nos$1$(E-Mail Removed)...
> Nick wrote:
> <snip>
> > I don't actually want to do anything with the document if the page is
> > on a different domain BUT I do want to detect this situation before it
> > occurs, and then allow my script to terminate peacefully instead of
> > producing an error.
> >
> > How can I do this?
> >
> > I suppose I could use IE's try and catch, but that means I'll still
> > have problems on other browsers.

> <snip>
>
> They aren't IE's try-catch, they are specified in ECMA 262 3rd edition,
> and implemented in JavaScript 1.4+, but they do represent a syntax error
> in all earlier versions so are generally best avoided in cross-browser
> scripting (at least for another couple of years).
>
> You cannot determine that a document in the other frame is from a
> different domain because of the security restrictions, as you have
> discovered. But you don't really need to as all you actually need to
> know is whether the page in the other frame is from your domain, and
> thus safe to interact with. Your own pages are in a position to report
> their presence to the frameset.
>
> So, for example, you could have each of your own pages set a variable in
> the frameset to true from it's onload event, and then re-set that
> variable to false in its onunload event. You would then know that it was
> safe to interact with the other frame whenever the variable was set to
> true and unsafe whenever it was false.
>
> Richard.
>
>



 
Reply With Quote
 
Richard Cornford
Guest
Posts: n/a
 
      05-07-2004
Cindy Lee wrote:
> How can I add a safe domain?


Questions of that quality are likely to receive fatuous answers. What on
earth are you talking about?

> I get an access error when doing this
> document.all("dynamicFrame"); //my iframe

<snip>

Yes, that is a statement that is likely to produce an error of one sort
or another in most browsers.

Richard.


 
Reply With Quote
 
Nick
Guest
Posts: n/a
 
      05-09-2004
"Richard Cornford" <(E-Mail Removed)> wrote in message news:<c7grmj$nos$1$(E-Mail Removed)>...

<snip>
>
> They aren't IE's try-catch, they are specified in ECMA 262 3rd edition,
> and implemented in JavaScript 1.4+, but they do represent a syntax error
> in all earlier versions so are generally best avoided in cross-browser
> scripting (at least for another couple of years).


Hmmm... I share your concerns about cross browser scripting, even if
try...catch is available on other browsers. The kind of people my
application is written for may well have older browsers with older
versions of js.


> So, for example, you could have each of your own pages set a variable in
> the frameset to true from it's onload event, and then re-set that
> variable to false in its onunload event. You would then know that it was
> safe to interact with the other frame whenever the variable was set to
> true and unsafe whenever it was false.


Richard, this is an excellent suggestion. Unfortunately I cannot add
any js to the pages on the domain I am working on! The script I was
talking about runs on a page which acts as a kind of "client
statistics utility" for a customer's web site. I can't then ask my
customers to alter all of their pages (either by adding some code or
src-ing a js file). It's just not viable.

I appreciate the suggestion though, and if you or any others can think
of a viable alternative to try...catch that would be great. Otherwise,
looks like I've got to do some js version detection, and have to
prevent users with js 1.4 downwards from using my utility. Bummer.

Cheers for your continuing help!

N
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Preventing 'bad' filenames from raising errors in os.path python@bdurham.com Python 4 05-03-2008 10:27 PM
Preventing "Validation" errors in vs.net error list? Steve Franks ASP .Net 0 11-05-2005 04:08 PM
Preventing runtime errors Graham Nicholls Ruby 5 07-09-2004 04:41 PM
Preventing HTML Errors from web service =?Utf-8?B?SmVycnkgSg==?= ASP .Net 1 04-27-2004 09:51 PM
Errors, errors, errors Mark Goldin ASP .Net 2 01-17-2004 08:05 PM



Advertisments