Cross Domain scripting error??

Hello;

My index.htm page (www.charlescrumesoftware.com for those interested in
looking) contains 3 frames (left = content, top right = logo, bottom right =
navigation). This domain name is registered with www.mydomain.com and is
stealth forwarded to www.ccthecomputerguy.com (where my *real* web site
currently lives). FWIW, I do this because in the 8+ years I've been on the
web, I've changed ISPs about 5 times and every change requires a new domain
(or problems transferring) and new email addresses requiring boatloads of
people to be notified. This way I have permanent web and e-mail addresses
even though I might change ISP's every six months. Anyway...

I am learning javascript and came up with an idea to adjust the sizes of the
frames primarily as a learning exercise, but also to do something useful --
a visual effect when my page starts. I've gotten everything to work on my
local machine (Win 98se and IE6) and when run directly from my *real* web
site www.ccthecomputerguy.com/index2.htm (I'm using "index2" for testing
purposes).

However, when I access the site from
www.charlescrumesoftware.com/index2.htm, I get "Error: top.frames.xxx is nil
or not an object" (at one time I was getting "Error: Access Denied" -- which
lead me to research cross domain issues on google).

However, now I'm not sure what the problem is or if there is really a "cross
domain" problem. I pretty sure the problem javascript statement is (I can
post more code if needed):

setTimeout("top.frames['xxx'].cols =" + new_params, i*delay_multiplier);

Can anyone help me out, provide some pointers/workarounds, or where to look
for more infomation?

TIA.

Charles...


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/04

re: Cross Domain scripting error??

In article <gcxoc.2438$SZ.1349@fe1.columbus.rr.com>, Charles Crume
says...[color=blue]
> However, now I'm not sure what the problem is or if there is really a "cross
> domain" problem. I pretty sure the problem javascript statement is (I can
> post more code if needed):
>
> setTimeout("top.frames['xxx'].cols =" + new_params, i*delay_multiplier);
>
> Can anyone help me out, provide some pointers/workarounds, or where to look
> for more infomation?[/color]

If top.frame is from a different domain, you can't set variables in it.

--
Hywel I do not eat quiche
http://kibo.org.uk/
http://kibo.org.uk/mfaq.php

re: Cross Domain scripting error??

Hi Hywel;

"Hywel" <hyweljenkins@hotmail.com> wrote in message
news:MPG.1b0d2218633883939896db@news.individual.ne t...[color=blue]
> In article <gcxoc.2438$SZ.1349@fe1.columbus.rr.com>, Charles Crume
> says...[color=green]
> > However, now I'm not sure what the problem is or if there is really a[/color][/color]
"cross[color=blue][color=green]
> > domain" problem. I pretty sure the problem javascript statement is (I[/color][/color]
can[color=blue][color=green]
> > post more code if needed):
> >
> > setTimeout("top.frames['xxx'].cols =" + new_params,[/color][/color]
i*delay_multiplier);[color=blue][color=green]
> >
> > Can anyone help me out, provide some pointers/workarounds, or where to[/color][/color]
look[color=blue][color=green]
> > for more infomation?[/color]
>
> If top.frame is from a different domain, you can't set variables in it.[/color]

Right, I know this, but the error message is pretty vague (for us javascript
newbies). I'm understanding most of the stuff people tell me and the stuff I
read -- but having a some difficulty in retaining it all in my head and
keeping it straight. So, if you can bear with me...

As I understand it your pretty much telling me I've got a cross domain
problem because, when www.charlescrumesoftware.com/index2.htm loads the
frames, the frame content comes from page on www.ccthecomputerguy.com and as
this is a different domain I cannot alter the frame contents. Am I correct
so far?

I've read about the document.domain property, and my understanding is that
it only work for the same domain suffix (which is not my case).

Could the initial index2.htm page load a page from www.ccthecomputerguy.com
which could then load the frames and avoid this problem?

TIA.

Charles...



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.683 / Virus Database: 445 - Release Date: 5/12/04

re: Cross Domain scripting error??

In article <GlMoc.3394$SZ.348@fe1.columbus.rr.com>, Charles Crume
says...[color=blue]
> Hi Hywel;
>
> "Hywel" <hyweljenkins@hotmail.com> wrote in message
> news:MPG.1b0d2218633883939896db@news.individual.ne t...[color=green]
> > In article <gcxoc.2438$SZ.1349@fe1.columbus.rr.com>, Charles Crume
> > says...[color=darkred]
> > > However, now I'm not sure what the problem is or if there is really a[/color][/color]
> "cross[color=green][color=darkred]
> > > domain" problem. I pretty sure the problem javascript statement is (I[/color][/color]
> can[color=green][color=darkred]
> > > post more code if needed):
> > >
> > > setTimeout("top.frames['xxx'].cols =" + new_params,[/color][/color]
> i*delay_multiplier);[color=green][color=darkred]
> > >
> > > Can anyone help me out, provide some pointers/workarounds, or where to[/color][/color]
> look[color=green][color=darkred]
> > > for more infomation?[/color]
> >
> > If top.frame is from a different domain, you can't set variables in it.[/color]
>
> Right, I know this, but the error message is pretty vague (for us javascript
> newbies).[/color]

Is it? It's telling you that access to the variable you're after is
denied. That's pretty much it.

[color=blue]
> As I understand it your pretty much telling me I've got a cross domain
> problem because, when www.charlescrumesoftware.com/index2.htm loads the
> frames, the frame content comes from page on www.ccthecomputerguy.com[/color]

Yes.

[color=blue]
> and as
> this is a different domain I cannot alter the frame contents. Am I correct
> so far?[/color]

No. You can alter the *frame* contents (ie. load another document into
the frame) but you can't alter the content of a document that's already
in the frame if that document is from another domain.

[color=blue]
> Could the initial index2.htm page load a page from www.ccthecomputerguy.com
> which could then load the frames and avoid this problem?[/color]

If they're both your domains why bother with all this cross-domain crap.
Structure the site properly and run it from the same domain.


--
Hywel I do not eat quiche
http://kibo.org.uk/
http://kibo.org.uk/mfaq.php

re: Cross Domain scripting error??

[snip]
[color=blue][color=green]
> > Right, I know this, but the error message is pretty vague (for us[/color][/color]
javascript[color=blue][color=green]
> > newbies).[/color]
>
> Is it? It's telling you that access to the variable you're after is
> denied. That's pretty much it.[/color]

Yes, it really is!! The message does not say access is denied *or why*, it
says "top.frames.xxx" is null or not an object (which is correct) -- but to
a newbie it *is* an object. Of course, once one understands the intricacies,
interactions, and security features of javascript (i.e., gets more and more
experience) this stuff becomes known and remembered.

[snip]
[color=blue][color=green]
> > and as
> > this is a different domain I cannot alter the frame contents. Am I[/color][/color]
correct[color=blue][color=green]
> > so far?[/color]
>
> No. You can alter the *frame* contents (ie. load another document into
> the frame) but you can't alter the content of a document that's already
> in the frame if that document is from another domain.[/color]

Well, excuse me for being a little dense here, but while index2.htm is
loaded from a forwarded domain, the frame contents are loaded from the main
domain. I guess I'm just not understanding exactly what is transpiring
during this sequence of events :-( Hopefully the light will come -- and
soon I hope.
[color=blue][color=green]
> > Could the initial index2.htm page load a page from[/color][/color]
www.ccthecomputerguy.com[color=blue][color=green]
> > which could then load the frames and avoid this problem?[/color]
>
> If they're both your domains why bother with all this cross-domain crap.
> Structure the site properly and run it from the same domain.[/color]

I explained the reason why in my initial post. I have no idea what
"structure the site properly" means. Everything on my site WAD except this
frame issue.

Hopefully, I'll come up with a solution.

Thanks for your time and patience.

Charles...


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.683 / Virus Database: 445 - Release Date: 5/12/04

re: Cross Domain scripting error??

Charles Crume wrote:
<snip>[color=blue]
> Well, excuse me for being a little dense here, but while index2.htm is
> loaded from a forwarded domain, the frame contents are loaded from
> the main domain. I guess I'm just not understanding exactly what is
> transpiring during this sequence of events :-( Hopefully the light
> will come -- and soon I hope.[/color]
<snip>

What you re not taking into account is how the "stealth" forwarding is
done. What happens is that when a request for -
www.charlescrumesoftware.com/ ... - is made www.mydomain.com returns a
(probably dynamically generated) frameset page that only has one frame,
and that frame loads the corresponding URL from -
www.ccthecomputerguy.com -.

The effect is that when your index2.htm frameset arrives in the browser
it is itself within a frame, and that frame is the - top - frame and is
from another domain and so subject to security restrictions. However,
index2.htm and the contents of its frames are all from the same domain
so they can interact.

Your solution probably goes back to what I said earlier in the week, -
top - refers to the topmost frameset page (the one from
mydomain.com/www.charlescrumesoftware.com), but - from -
www.ccthecomputerguy.com/navigate2.htm - the - parent - reference will
refer to the immediately containing frameset page -
www.ccthecomputerguy.com/index2.htm - which is the frameset page you are
actually interested in interacting with, and is not subject to security
restrictions when accessed from navigate2.htm.

Richard.

re: Cross Domain scripting error??

Hello Richard;

I have a "light" -- still dim, but at least it's working <g>

"Richard Cornford" <Richard@litotes.demon.co.uk> wrote in message
news:c8172i$h2g$1$8302bc10@news.demon.co.uk...

[snip]
[color=blue]
> What you re not taking into account is how the "stealth" forwarding is
> done. What happens is that when a request for -
> www.charlescrumesoftware.com/ ... - is made www.mydomain.com returns a
> (probably dynamically generated) frameset page that only has one frame,
> and that frame loads the corresponding URL from -
> www.ccthecomputerguy.com -.[/color]

Ah-hah! This is the piece of information that has allowed me to understand
what is happening.

[snip]
[color=blue]
> Your solution probably goes back to what I said earlier in the week, -
> top - refers to the topmost frameset page (the one from
> mydomain.com/www.charlescrumesoftware.com), but - from -
> www.ccthecomputerguy.com/navigate2.htm - the - parent - reference will
> refer to the immediately containing frameset page -[/color]

Yes, yes -- I understand now what you have been telling me!!! Like I
mentioned earlier all the things you, and others, have been telling me make
sense, but keeping them in my head and making use of them has been somewhat
elusive -- I read right over what you had told me and *missed* your point.

I am making headway and want to thank you for your time, courteous
explanations, and patience.

Thanks again.

Charles...


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.686 / Virus Database: 447 - Release Date: 5/14/04