Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > cross frame scripting

Reply
Thread Tools

cross frame scripting

 
 
Vongza
Guest
Posts: n/a
 
      12-26-2005
<html>
<head>
<title>Cross Frame Reference</title>
<script language="javascript">
function showThisTitle() {
alert(document.title);
}
function showAnotherTitle() {
try {
alert(anotherWorld.document.title);
}
catch (e) {
alert(e);
}
}
</script>
</head>
<body>
<iframe width="100%" height="50%" name="anotherWorld"
src="http://www.google.co.kr/"></iframe><br><br>
<div align="center">
<input type="button" value="Show this title"
onClick="showThisTitle();">
<input type="button" value="Show iframe's title"
onClick="showAnotherTitle();">
</div>
</body>
</html>

in the code above, i cannot get the document title of iframe.
i have understood it was because of security problem.

how can i get the title, (location.)href or (domain.)url of iframe
beyond security problem?

 
Reply With Quote
 
 
 
 
Danny
Guest
Posts: n/a
 
      12-26-2005
You can't , mozilla points out to using a signed script, meaning, a
script with some certificate to disable the security, coming from the
domain loaded in the frame, but all that's on the server, not client.

Danny
 
Reply With Quote
 
 
 
 
Martin Honnen
Guest
Posts: n/a
 
      12-26-2005


Vongza wrote:


> <iframe width="100%" height="50%" name="anotherWorld"
> src="http://www.google.co.kr/"></iframe>


> how can i get the title, (location.)href or (domain.)url of iframe
> beyond security problem?


If the iframe contains a document loaded from the same origin as the
parent document then script in the parent document can access
window.frames.anotherWorld.location.href
window.frames.anotherWorld.location.host
window.frames.anotherWorld.document.title

I am not sure what "beyond security problem" means, if you are looking
for ways to script such a document on a remote host with script from
your own document then on Windows instead of IE you could use HTA, HTML
applications as there your script is not subjected to the same origin
policy. Or you could write a Windows Script Host script to automate an
IE browser window into which you load that URL, that way your Windows
Script Host script has access to the objects IE exposes for the document.
With Mozilla/Netscape you don't need an HTA but could write your own
local HTML document referencing that external frame document and then
your script in the local HTML document is able to request privileges to
do stuff normally not allowed, e.g. access that frame. But that will
only work if your own HTML document is being loaded locally and the
browser users then in a dialog grants the script the privilege. If you
have a document on a HTTP server then you need signed script.
Here is an example, if you load that from the local file system in
Mozilla or Firefox then every time a document has been loaded in the
iframe the script requests the UniversalBrowserRead privilege for cross
domain scripting, so the browser will fire up a dialog asking the user
to grant or deny the privilege and if granted the script access the
iframe and its document:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>requesting privilege in Mozilla</title>
<script type="text/javascript">
function output (text, tagName, parentNode) {
tagName = tagName || 'p';
parentNode = parentNode || document.body;
var doc = parentNode.ownerDocument;
var element = doc.createElement(tagName);
element.appendChild(doc.createTextNode(text));
parentNode.appendChild(element);
}

function privilegeTest () {
if (typeof netscape != 'undefined' &&
typeof netscape.security != 'undefined' &&
typeof netscape.security.PrivilegeManager != 'undefined' &&
typeof netscape.security.PrivilegeManager.enablePrivilege !=
'undefined')
{
try {

netscape.security.PrivilegeManager.enablePrivilege ('UniversalBrowserRead');
try {
var frame = window.frames.remoteFrame;
output('location.href: ' + frame.location.href);
output('location.host: ' + frame.location.host);
output('title: ' + frame.document.title);
var p = frame.document.getElementsByTagName('p')[0];
if (p != null) {
p.appendChild(p.ownerDocument.createTextNode(
' Kibology for all. '));
}
}
catch (e1) {
output('Error ' + e.message);
}
}
catch (e) {
output('Privilege not granted: ' + (typeof e == 'string' ? e :
e.message));
}
}
}
</script>
</head>
<body>

<h1>privilege test</h1>

<div>
<iframe name="remoteFrame"
width="100%"
height="400"
onload="privilegeTest();"
src="http://www.mozilla.com/"></iframe>
</div>
</body>
</html>

--

Martin Honnen
http://JavaScript.FAQTs.com/
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IE "Mark of the Web" cross-frame scripting? taoberly@mindspring.com Javascript 11 07-20-2006 07:18 PM
cross frame scripting WT ASP .Net 1 05-04-2006 04:31 PM
Cross-frame scripting and Localhost taoberly@mindspring.com Javascript 4 04-24-2006 05:59 PM
DOM Created Elements / Cross Frame Scripting Problem. Firefox NoCopy na Javascript 6 06-21-2005 08:25 PM
Cross-Frame Scripting, IFRAME and https (access denied) Cindy Lee Javascript 1 05-07-2004 06:18 PM



Advertisments