Firefox security question

jahearn
#1: Feb 9 '06
These are really questions about xsite scripting security. I'm trying to
do a couple things using Firefox browser:

1. Need to detect any mouse click in a frame loaded with a page from an
unknown domain. Don't care what they've clicked on. Just want to know
if they clicked within the frame.

2. Need to keep history of the URLs for the webpages loaded within a
frame.

Thanks,
J

Randy Webb
#2: Feb 9 '06

jahearn said the following on 2/8/2006 7:19 PM:
> These are really questions about xsite scripting security. I'm trying to
> do a couple things using Firefox browser:
>
> 1. Need to detect any mouse click in a frame loaded with a page from an
> unknown domain. Don't care what they've clicked on. Just want to know
> if they clicked within the frame.

You and damn near every thief and spammer on the web.

> 2. Need to keep history of the URLs for the webpages loaded within a
> frame.

Yeah right. Give up now.
Where I go is my business, not yours.
--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

jahearn
#3: Feb 9 '06

Well, it's my business if I'm writing a product that you purchased,
assuming you want it to work well.

Randy Webb
#4: Feb 9 '06

jahearn said the following on 2/9/2006 2:58 AM:
> Well, it's my business if I'm writing a product that you purchased,

I wouldn't purchase a product from someone who lacked the ability to
read an FAQ and then follow its requested guidelines on quoting.

> assuming you want it to work well.

Everybody wants everything to work well but not everything can be made
to work well, and especially not this hair-brained scheme of yours.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

jahearn
#5: Feb 9 '06

Randy said the following on 2/9/2006 12:51 am:

>I wouldn't purchase a product from someone who lacked the ability to
>read an FAQ and then follow its requested guidelines on quoting.

>Everybody wants everything to work well but not everything can be made
>to work well, and especially not this hair-brained scheme of yours.

Ha! What an angry and silly little person you are!

You write on this newsgroup a lot. Why waste time making your silly
little comments (doesn't the faq say something about this)? Either
leave some useful information or don't reply at all and move on.

This scheme you refer to is not mine I assure you. In fact, I informed
the "schemer" that his ideas were likely not possible using javascript
because of security issues, but I'd be happy to look into what might
be possible with Firefox. I was willing to try because the behavior
he's hoping for is by no means nefarious or intrusive, and because I
know I can duplicate this behavior via other means, albeit at a much
higher cost. My time is limited, so posting here seemed a good
solution at the time. Wasn't expecting that the first set of replies
would be so childish though.

Randy Webb
#6: Feb 9 '06

jahearn said the following on 2/9/2006 12:12 PM:
> Randy said the following on 2/9/2006 12:51 am:
>
>> I wouldn't purchase a product from someone who lacked the ability to
>> read an FAQ and then follow its requested guidelines on quoting.
>
>> Everybody wants everything to work well but not everything can be made
>> to work well, and especially not this hair-brained scheme of yours.
>
> Ha! What an angry and silly little person you are!

"angry"? Not in the least. "Silly"? I gave you the best answer you can
get. You can not cross-domain script - it is a security violation. So in
Firefox you can't do what you are wanting to do.

> You write on this newsgroup a lot. Why waste time making your silly
> little comments (doesn't the faq say something about this)? Either
> leave some useful information or don't reply at all and move on.

http://jibbering.com/faq/#FAQ4_19

<quote>
In the normal browser security model, it is impossible for a script from
one domain to access the properties of pages served from another domain,
or a different protocol. Any attempt to access a property in such cases
will result in a "Permission Denied" error. Signed scripts or trusted
ActiveX objects can overcome this in limited situations.
</quote>

Means that in a default security environment you can't do what you are
wanting to do. But think about the implications if you could do it.

Some hacker wannabe puts your bank website in an IFrame that is set at
100% width and height and then copies your username and password and
posts it in another form to his own server. It doesn't take long to see
why you can't do it.

And just because you didn't get the exact answer you wanted doesn't make
me silly and angry, you have to do some research of your own and this
very question is so frequently asked that it is in the FAQ for this group.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
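
Added example (not part of any post in this thread): the rule quoted from the FAQ in post #6, modelled as a same-origin comparison and applied to the two things asked for in post #1. The URLs and the function names `originOf`, `sameOrigin`, `frameAccess` and `auditFrames` are constructed for illustration, and the model covers only the scheme, host and port comparison.

```javascript
// Added illustration, not code from the thread. All URLs are constructed.
// An origin is the (scheme, host, port) triple. The URL parser drops a
// scheme's default port, so http://shop.example:80 equals http://shop.example.
function originOf(urlString) {
  const u = new URL(urlString);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    return null; // modelled as an opaque origin: never equal to anything
  }
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa === null || ob === null) return false;
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// What a parent page may do with a framed page, for the two requests in
// post #1: seeing clicks inside the frame and reading the frame's URL.
function frameAccess(parentUrl, frameUrl) {
  const allowed = sameOrigin(parentUrl, frameUrl);
  return {
    frame: frameUrl,
    attachClickListener: allowed, // listener on the frame's document
    readLocationHref: allowed,    // the frame's location.href
    result: allowed ? 'allowed' : 'Permission denied',
  };
}

function auditFrames(parentUrl, frameUrls) {
  return frameUrls.map((f) => frameAccess(parentUrl, f));
}

const PARENT = 'http://shop.example/app.html';
const FRAMES = [
  'http://shop.example:80/help.html', // same origin (default port)
  'https://shop.example/help.html',   // different protocol
  'http://shop.example:8080/',        // different port
  'http://www.shop.example/',         // different host
  'http://bank.example/login',        // different domain
];

for (const row of auditFrames(PARENT, FRAMES)) {
  console.log(row.result.padEnd(18), row.frame);
}
```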

Dr John Stockton
#7: Feb 10 '06

JRS: In article <lfKdnU3s7dcLn3benZ2dnUVZ_tGdnZ2d@comcast.com>, dated
Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
Randy Webb <HikksNotAtHome@aol.com> posted :
>jahearn said the following on 2/9/2006 2:58 AM:
>> Well, it's my business if I'm writing a product that you purchased,
>
>I wouldn't purchase a product from someone who lacked the ability to
>read an FAQ and then follow its requested guidelines on quoting.
>
>> assuming you want it to work well.
>
>Everybody wants everything to work well but not everything can be made
>to work well, and especially not this hair-brained scheme of yours.

.... hare-brained. It refers to the activities of leporines,
particularly in March. There's a book by a chap called Webster, though
Dr Murray's is better.

--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 IE 4 ©
<URL:http://www.jibbering.com/faq/> JL/RC: FAQ of news:comp.lang.javascript
<URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.

Randy Webb
#8: Feb 14 '06

Dr John Stockton said the following on 2/10/2006 4:23 PM:
> JRS: In article <lfKdnU3s7dcLn3benZ2dnUVZ_tGdnZ2d@comcast.com>, dated
> Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
> Randy Webb <HikksNotAtHome@aol.com> posted :
>> jahearn said the following on 2/9/2006 2:58 AM:
>>> Well, it's my business if I'm writing a product that you purchased,
>> I wouldn't purchase a product from someone who lacked the ability to
>> read an FAQ and then follow its requested guidelines on quoting.
>>
>>> assuming you want it to work well.
>> Everybody wants everything to work well but not everything can be made
>> to work well, and especially not this hair-brained scheme of yours.
>
> .... hare-brained.

Had I meant hare-brained instead of hair-brained then I would have,
undoubtedly, written hare-brained. Understand my intentions before you
insert your foot by trying to correct me. You are starting to get a TPEL
type attitude.

> It refers to the activities of leporines, particularly in March.

Yours may, mine didn't.

> There's a book by a chap called Webster, though
> Dr Murray's is better.

But both of them suck so neither is of much use to me.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

Dr John Stockton
#9: Feb 15 '06

JRS: In article <zLidnSEUZPGvz2_eRVn-jA@comcast.com>, dated Tue, 14 Feb
2006 16:57:22 remote, seen in news:comp.lang.javascript, Randy Webb
<HikksNotAtHome@aol.com> posted :
>Dr John Stockton said the following on 2/10/2006 4:23 PM:
>> JRS: In article <lfKdnU3s7dcLn3benZ2dnUVZ_tGdnZ2d@comcast.com>, dated
>> Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
>> Randy Webb <HikksNotAtHome@aol.com> posted :

>>> to work well, and especially not this hair-brained scheme of yours.
>>
>> .... hare-brained.
>
>Had I meant hare-brained instead of hair-brained then I would have,
>undoubtedly, written hare-brained. Understand my intentions before you
>insert your foot by trying to correct me. You are starting to get a TPEL
> type attitude.
>
>> It refers to the activities of leporines, particularly in March.
>
>Yours may, mine didn't.
>
>> There's a book by a chap called Webster, though
>> Dr Murray's is better.
>
>But both of them suck so neither is of much use to me.

Well, you clearly don't use correct British English; and you don't use
ordinary American English either; and you don't accept their most
authoritative references. Can you tell us what dictionary you do use,
and whether it's publicly available and if so its publisher?

--
© John Stockton, Surrey, UK. ???@merlyn.demon.co.uk Turnpike v4.00 MIME. ©
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
Check boilerplate spelling -- error is a public sign of incompetence.
Never fully trust an article from a poster who gives no full real name.

Randy Webb
#10: Feb 16 '06

Dr John Stockton said the following on 2/15/2006 8:48 AM:
> JRS: In article <zLidnSEUZPGvz2_eRVn-jA@comcast.com>, dated Tue, 14 Feb
> 2006 16:57:22 remote, seen in news:comp.lang.javascript, Randy Webb
> <HikksNotAtHome@aol.com> posted :
>> Dr John Stockton said the following on 2/10/2006 4:23 PM:
>>> JRS: In article <lfKdnU3s7dcLn3benZ2dnUVZ_tGdnZ2d@comcast.com>, dated
>>> Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
>>> Randy Webb <HikksNotAtHome@aol.com> posted :
>
>>>> to work well, and especially not this hair-brained scheme of yours.
>>> .... hare-brained.
>> Had I meant hare-brained instead of hair-brained then I would have,
>> undoubtedly, written hare-brained. Understand my intentions before you
>> insert your foot by trying to correct me. You are starting to get a TPEL
>> type attitude.
>>
>>> It refers to the activities of leporines, particularly in March.
>> Yours may, mine didn't.
>>
>>> There's a book by a chap called Webster, though
>>> Dr Murray's is better.
>> But both of them suck so neither is of much use to me.
>
> Well, you clearly don't use correct British English;

Considering that I am not British, have never claimed to be British and
have even stated so before now, you are mastering the obvious John. I
thought better of you than that.

> and you don't use ordinary American English either;

Coming from someone who has such a hatred toward anything American, I
find it ironic that you would claim to have such a vast knowledge of the
American language, its intricacies and its dialects. You don't.

> and you don't accept their most authoritative references.

You should read Henry David Thoreau's "Civil Disobedience".

> Can you tell us what dictionary you do use,

The two on my desk.

> and whether it's publicly available

Of course they are. How else did I buy them?

> and if so its publisher?

What this has to do with anything, other than an attempt to be pedantic,
only your mind understands.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/