473,700 Members | 2,569 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

cross frame scripting

<title>Cross Frame Reference</title>
<script language="javas cript">
function showThisTitle() {
alert(document. title);
function showAnotherTitl e() {
try {
alert(anotherWo rld.document.ti tle);
catch (e) {
<iframe width="100%" height="50%" name="anotherWo rld"
src="http://www.google.co.k r/"></iframe><br><br>
<div align="center">
<input type="button" value="Show this title"
onClick="showTh isTitle();">
<input type="button" value="Show iframe's title"
onClick="showAn otherTitle();">

in the code above, i cannot get the document title of iframe.
i have understood it was because of security problem.

how can i get the title, (location.)href or (domain.)url of iframe
beyond security problem?

Dec 26 '05 #1
3 10197
You can't :), mozilla points out to using a signed script, meaning, a
script with some certificate to disable the security, coming from the
domain loaded in the frame, but all that's on the server, not client.

Dec 26 '05 #2
On 2005-12-26, Vongza <pa****@gmail.c om> wrote:

in the code above, i cannot get the document title of iframe.
i have understood it was because of security problem.

how can i get the title, (location.)href or (domain.)url of iframe
beyond security problem?

serve its content from the same server as the main document.


Dec 26 '05 #3

Vongza wrote:

<iframe width="100%" height="50%" name="anotherWo rld"
src="http://www.google.co.k r/"></iframe> how can i get the title, (location.)href or (domain.)url of iframe
beyond security problem?

If the iframe contains a document loaded from the same origin as the
parent document then script in the parent document can access
window.frames.a notherWorld.loc ation.href
window.frames.a notherWorld.loc ation.host
window.frames.a notherWorld.doc ument.title

I am not sure what "beyond security problem" means, if you are looking
for ways to script such a document on a remote host with script from
your own document then on Windows instead of IE you could use HTA, HTML
applications as there your script is not subjected to the same origin
policy. Or you could write a Windows Script Host script to automate an
IE browser window into which you load that URL, that way your Windows
Script Host script has access to the objects IE exposes for the document.
With Mozilla/Netscape you don't need an HTA but could write your own
local HTML document referencing that external frame document and then
your script in the local HTML document is able to request privileges to
do stuff normally not allowed, e.g. access that frame. But that will
only work if your own HTML document is being loaded locally and the
browser users then in a dialog grants the script the privilege. If you
have a document on a HTTP server then you need signed script.
Here is an example, if you load that from the local file system in
Mozilla or Firefox then every time a document has been loaded in the
iframe the script requests the UniversalBrowse rRead privilege for cross
domain scripting, so the browser will fire up a dialog asking the user
to grant or deny the privilege and if granted the script access the
iframe and its document:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html lang="en">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>requesti ng privilege in Mozilla</title>
<script type="text/javascript">
function output (text, tagName, parentNode) {
tagName = tagName || 'p';
parentNode = parentNode || document.body;
var doc = parentNode.owne rDocument;
var element = doc.createEleme nt(tagName);
element.appendC hild(doc.create TextNode(text)) ;
parentNode.appe ndChild(element );

function privilegeTest () {
if (typeof netscape != 'undefined' &&
typeof netscape.securi ty != 'undefined' &&
typeof netscape.securi ty.PrivilegeMan ager != 'undefined' &&
typeof netscape.securi ty.PrivilegeMan ager.enablePriv ilege !=
try {

netscape.securi ty.PrivilegeMan ager.enablePriv ilege('Universa lBrowserRead');
try {
var frame = window.frames.r emoteFrame;
output('locatio n.href: ' + frame.location. href);
output('locatio n.host: ' + frame.location. host);
output('title: ' + frame.document. title);
var p = frame.document. getElementsByTa gName('p')[0];
if (p != null) {
p.appendChild(p .ownerDocument. createTextNode(
' Kibology for all. '));
catch (e1) {
output('Error ' + e.message);
catch (e) {
output('Privile ge not granted: ' + (typeof e == 'string' ? e :

<h1>privilege test</h1>

<iframe name="remoteFra me"
onload="privile geTest();"


Martin Honnen
Dec 26 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Charles Crume | last post by:
Hello; My index.htm page (www.charlescrumesoftware.com for those interested in looking) contains 3 frames (left = content, top right = logo, bottom right = navigation). This domain name is registered with www.mydomain.com and is stealth forwarded to www.ccthecomputerguy.com (where my *real* web site currently lives). FWIW, I do this because in the 8+ years I've been on the web, I've changed ISPs about 5 times and every change requires a...
by: NoCopy na | last post by:
Using the following example: domiframetest.html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>DOM Iframe Test</title>
by: Scott M. | last post by:
How can I disable the cross-site scripting check for one particular page of a site?
by: taoberly | last post by:
Hello, Is it possible to run an HTML file from "localhost" and bypass the various security checks in place for cross-frame scripting? For example, on a 2-frame page loaded locally: a) frame 1 includes a form that accepts the name of a web site (example: www.foo.com), which a script or perhaps a "target" attribute then loads into frame 2 b) frame 1 waits for frame 2 to load, then reads (for example)
by: WT | last post by:
Hello, I have an asp.net 1.1 application that runs an asp.net 2.0 page in an iframe. I need to save the contained app before saving the main one when the save button is clicked. For this I uses a jscript on the main page that calls a jscript method on the contained one. As my applications are running on differents servers, ie domains, I get a security error saying that I have no rights to call this method.
by: taoberly | last post by:
A few months ago I posted a question about using a file on my hard drive to perform cross-frame scripting and pull data from a server on my company's intranet. I eventually got this working using an HTA file and Internet Explorer. Now I'm tackling a similar issue, but really need to keep the IE menus, navigation buttons, etc. this time around. Assuming a solution exists, I'm guessing it involves using the IE6 SP2 "Mark of the Web"...
by: KZSteele | last post by:
hello - i am using VBA within a microsoft access project to automate internet explorer. what i am doing is reading data from various frames in the IE window and loading them into a table. however, this cross-frame scripting security with IE is really getting on my nerves. i can't even use VB to navigate to frames located on a different domain. the page in question uses framesets, not iframes. question: how can i DISABLE the horrid...
by: KZSteele | last post by:
(repost/edit from html forum) hello - i am using VBA within a microsoft access project to automate internet explorer. what i am doing is reading data from various frames of my company's web site (non-intranet) and loading it into a table. however, this cross-frame scripting security with IE is getting in the way. i can't even use VB to navigate to frames located on a different domain. the website in question uses framesets, not iframes. ...
by: dotpranay | last post by:
Hi, I have two websites in my local IIS. Website A and B. A runs under SSL and B does not. A has a page that has an iframe showing B in that iframe. Both sites being on the same domain. i could write some code in a page in website B so that i can do cross frame scripting. This worked fine in my environment. But this did not work when i tried the same on our server. Are there any other conditions apart from 'Same domain' that would...
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, weíll explore What is ONU, What Is Router, ONU & Routerís main usage, and What is the difference between ONU and Router. Letís take a closer look ! Part I. Meaning of...
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.