473,573 Members | 2,849 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

foist javascript into another frame, and evaluate it in the target context

Javascripters:

I have an outer page and an inner iframe. The outer page calculates some
javascript, and wants the inner frame to run it. The inner frame should hit
a page on the same (private) web server, so this is not a cross-site
scripting attack. But I would prefer not to taint the target page with any
extra logic to do this. (I will if I must.)

The calling page has these elements:

<script src="/javascripts/prototype.js" type="text/javascript" />...
<span id='update_me'> yo2</span>
<iframe id='grinder' src='sample.htm l' >
</iframe>

So here's most of the page which the iframe hits:

<script src="/javascripts/prototype.js" type="text/javascript" />...
<body bgcolor='silver '>
<span id='update_me'> yo</span>
</body></html>

Note that both the outer and inner page have a span with the same ID.

This question will resemble a JavaScript FAQ - how to evaluate Javascript on
the fly, or how to reload a JS file. The answers on the web generally do not
transport the JS across a frame boundary, so they don't address the bug I
encountered, and I can't tell if prototype.js or IE is at fault.

The outer page calls Ajax goodies that generate some JS looking like this:

Element.update( "update_me" , "here I B");

The page sends that, as a string, into this JS (in application.js) :

function update_grinder( sauce)
{
var grinder = $('grinder');

if (grinder)
{
var doc = grinder.content Document;
if (!doc) doc = grinder.documen t;
if (doc)
{
evaluate(doc, sauce);
return;
}
}
document.write( "your browser sucks");
}

So that contains enough logic to find the iframe's document, and it works
for Firefox, IE, Konqueror, and Opera. The code calls evaluate() with the
document where we need the evaluation context, and the string with our
source.

Here's evaluate():

function evaluate(doc, sauce)
{
var s = doc.createEleme nt('script');
//s.defer = true; // <-- no effect
s.text = sauce;
var body = doc.getElements ByTagName('body ').item(0);

if (body)
{
body.appendChil d(s);
return;
}
body = doc.body;
if (body)
{
body.appendChil d(s);
return;
}
}

That creates a <scriptblock, sticks our string in as its contents, and
pushes the block to the end of our <bodytag. Now here's the bug:

Firefox updates the inner <span id='update_me'> , and IE updates the outer
one.

If I remove the outer <span id='update_me'> , then IE simply can't find it
and throws an error. Even though it evaluates a script block clearly in the
context of the inner iframe.

I have tried calling the script from setTimeout, and from a button's onclick
handler.

Is there some script.aculo.us way to fix (yet another) bug in IE? Or is this
a bug in prototype.js?

--
Phlip
http://www.greencheese.us/ZeekLand <-- NOT a blog!!!
Dec 16 '06 #1
15 2243
Firefox updates the inner <span id='update_me'> , and IE updates the outer
one.
I figured it out, but I'm keeping it a secret because I want to be the only
one who knows how to do it.

Oooh, okay, read this:
http://johnvey.com/features/deliciou...ce-broker.html

Then do this:

function update_grinder( sauce)
{
var grinder = $('grinder');
grinder.src='ja vascript:void(f unction(){'+sau ce+'}())';
}
--
Phlip
http://www.greencheese.us/ZeekLand <-- NOT a blog!!!

Dec 16 '06 #2
Phlip said the following on 12/16/2006 12:59 PM:

<snip>
Is there some script.aculo.us way to fix (yet another) bug in IE?
It's not a bug in IE.
Or is this a bug in prototype.js?
Possibly.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Dec 17 '06 #3
Randy Webb wrote:
>Is there some script.aculo.us way to fix (yet another) bug in IE?

It's not a bug in IE.
>Or is this a bug in prototype.js?

Possibly.
Yet another of the frictions you have brought to this discussion is your
phobia for prototype.js. I'm sure it has issues, but my result with
frame.src=javas cript:void(func tion(){...}()) shows prototype.js works when
the browser runs it in the right context. Same prototypical code in ... ,
different hand-written JS to deliver it, different results.

So it was a bug in IE, and once again you are... you-know-what. ;-)

--
Phlip
http://www.greencheese.us/ZeekLand <-- NOT a blog!!!
Dec 17 '06 #4
Phlip said the following on 12/16/2006 7:16 PM:
Randy Webb wrote:
>>Is there some script.aculo.us way to fix (yet another) bug in IE?
It's not a bug in IE.
>>Or is this a bug in prototype.js?
Possibly.

Yet another of the frictions you have brought to this discussion is your
phobia for prototype.js.
My "phobia of prototype.js"? That is, indeed, a powerful assumption on
your part. I have not expressed a phobia of prototype, I have barely
commented on it. You wanted to know if it was a bug in IE and I said no.
You asked if it was a bug in prototype and I said Possibly. And from
that you induced that I have a phobia of prototype. It wouldn't matter
if it was prototype.js, Yahoo!'s Library, one of Matt Kruse's libraries
or anybody else's, my response would have been the same. It is just as
likely that it isn't as it is a bug in prototpye.
I'm sure it has issues, but my result with
frame.src=javas cript:void(func tion(){...}()) shows prototype.js works when
the browser runs it in the right context. Same prototypical code in ... ,
different hand-written JS to deliver it, different results.
That alone indicates a flaw in prototype.js. Your tests, your results,
and you get different results from prototype.js (where it doesn't work)
and from doing it manually (where it works). So you yourself have shown
that it was possibly a prototype issue and not an IE issue.
So it was a bug in IE,
No it isn't.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Dec 17 '06 #5
Randy Webb wrote:
My "phobia of prototype.js"? That is, indeed, a powerful assumption on
your part. I have not expressed a phobia of prototype
Besides calling it, what, "protocrap" ? Was that just the exception?
That alone indicates a flaw in prototype.js. Your tests, your results, and
you get different results from prototype.js (where it doesn't work) and
from doing it manually (where it works). So you yourself have shown that
it was possibly a prototype issue and not an IE issue.
Once again you show no evidence of grasping the experiment. I wrote code to
use your technique, and it worked in FireFox and failed in IE. (Inserting
code that, unlike alert(), required the correct context to run.) Then I
wrote the code to use iframe.src=java script:void etc., and it worked in both
browsers. No doing anything manually.

To make your grid of experiments more useful, you need to Aadd the
javascript:void trick, and Bmake the inserted code do something relevant,
not just alert().

--
Phlip
http://www.greencheese.us/ZeekLand <-- NOT a blog!!!
Dec 17 '06 #6
Phlip said the following on 12/16/2006 11:13 PM:
Randy Webb wrote:
>My "phobia of prototype.js"? That is, indeed, a powerful assumption on
your part. I have not expressed a phobia of prototype

Besides calling it, what, "protocrap" ? Was that just the exception?
Yep, that is what I called it. But I have no phobia of it, its crap. If
people want to use it, then let them.
>That alone indicates a flaw in prototype.js. Your tests, your results, and
you get different results from prototype.js (where it doesn't work) and
from doing it manually (where it works). So you yourself have shown that
it was possibly a prototype issue and not an IE issue.

Once again you show no evidence of grasping the experiment.
Hmmm, ok. The problem is you can't make it inject script across frames
and get it to execute in the context of the IFrame. And since you can't,
you call it a "bug in IE". To which I say you are dead wrong. Proof below.
I wrote code to use your technique, and it worked in FireFox and failed in IE.
If the code I wrote didn't work in IE then something else you are doing
is causing that failure as the code I wrote works flawlessly in IE,
Firefox, Opera and about 8 other browsers that I don't care to type the
names of.
(Inserting code that, unlike alert(), required the correct context to run.)
You mean code that will change the innerHTML of an element on a page
where the same ID is present in both the parent document and the child
document?
Then I wrote the code to use iframe.src=java script:void etc., and it
worked in both browsers. No doing anything manually.
I will have to take your word for that as you haven't shown any code
using iframe.src=.... .
To make your grid of experiments more useful, you need to Aadd the
javascript:void trick, and Bmake the inserted code do something relevant,
not just alert().
I made it do just that. It changes the innerHTML of an element in a
child page and - guess what - it doesn't use any javascript:void hack.
You have been reading too much VK.

Here are your two test pages:

parent.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"
"http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>Blank Page with an IFrame</title>
<style type="text/css">
</style>
<script type="text/javascript">
function insertScriptTex tAcrossFrames(f rameID,scriptSt ring){
frameRef = window.frames[frameID]
var newScript = frameRef.docume nt.createElemen t('script');
newScript.type = "text/javascript";
newScript.text = scriptString
frameRef.docume nt.getElementsB yTagName('head' )[0].appendChild(ne wScript);
}
</script>
</head>
<body>
<div id="divToModify "></div>
<iframe name="myIFrame" src="child.html "></iframe>
<button
onclick="insert ScriptTextAcros sFrames('myIFra me','document.g etElementById(\ 'divToModify\') .innerHTML=\'Th is
is new text\'')">Inser t script text across frames</button>
</body>
</html>
The button code will have to be unwrapped before testing.
And child.html:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"
"http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title>Blank Page2 to Modify</title>
<style type="text/css">
</style>
</head>
<body>
<div id="divToModify "></div>
</body>
</html>

Both of them have a div with the id of divToModify as you say your
document does. It uses the exact function I gave you to use. Now, what
is it about the "concept of the problem" is it that you think I don't
understand?

--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Dec 17 '06 #7
Randy Webb wrote:
>>My "phobia of prototype.js"? That is, indeed, a powerful assumption on
your part. I have not expressed a phobia of prototype

Besides calling it, what, "protocrap" ? Was that just the exception?

Yep, that is what I called it. But I have no phobia of it, its crap. If
people want to use it, then let them.
"Phobia" means "hatred". Its popular usage is "unreasonin g fear". Same
difference.
Hmmm, ok.
Position change noted. ;-)
The problem is you can't make it inject script across frames and get it to
execute in the context of the IFrame. And since you can't, you call it a
"bug in IE". To which I say you are dead wrong. Proof below.
It worked in Firefox. In IE, the update went to the SPAN in the outer frame.
Bug. The possibility of invalid HTML encodings doesn't excuse the bug.
You mean code that will change the innerHTML of an element on a page where
the same ID is present in both the parent document and the child document?
No, change the innerHTML period. The matching ID has nothing to do with the
bug; I just used it to illustrate the symptom.
I will have to take your word for that as you haven't shown any code using
iframe.src=.... .
Do I have to find you in person and dial your browser to the post of 10:20
AM PST containing this?

function update_grinder( sauce)
{
var grinder = $('grinder');
grinder.src='ja vascript:void(f unction(){'+sau ce+'}())';
}

Your capacity to ignore and misunderstand my posts, then blame me, is
astounding.
I made it do just that. It changes the innerHTML of an element in a child
page and - guess what - it doesn't use any javascript:void hack. You have
been reading too much VK.
No idea who that is, but my project requires protocrap.js as an external
constraint. Feel free to say it shares the bug with IE. Thanks for upgrading
your experiment, but for completeness you could consider adding the
javascript:void technique. Not sure why you call something that works on
many more browsers with many fewer lines of code a "hack"...
Both of them have a div with the id of divToModify as you say your
document does. It uses the exact function I gave you to use. Now, what is
it about the "concept of the problem" is it that you think I don't
understand?
Yes, now that you have changed your position a great deal since my first
post, there are indeed fewer areas of misalignment.

--
Phlip
http://www.greencheese.us/ZeekLand <-- NOT a blog!!!
Dec 17 '06 #8
Phlip said the following on 12/17/2006 12:29 AM:
Randy Webb wrote:
>The problem is you can't make it inject script across frames and get it to
execute in the context of the IFrame. And since you can't, you call it a
"bug in IE". To which I say you are dead wrong. Proof below.

It worked in Firefox. In IE, the update went to the SPAN in the outer frame.
Bug. The possibility of invalid HTML encodings doesn't excuse the bug.
>You mean code that will change the innerHTML of an element on a page where
the same ID is present in both the parent document and the child document?

No, change the innerHTML period. The matching ID has nothing to do with the
bug; I just used it to illustrate the symptom.
And I posted code that does what you want it to do but it works,
flawlessly, in IE, so, where is the "bug"?
>I will have to take your word for that as you haven't shown any code using
iframe.src=... ..

Do I have to find you in person and dial your browser to the post of 10:20
AM PST containing this?

function update_grinder( sauce)
{
var grinder = $('grinder');
grinder.src='ja vascript:void(f unction(){'+sau ce+'}())';
}
I never told you to use the .src attribute though, use the .text property.
Your capacity to ignore and misunderstand my posts, then blame me, is
astounding.
Your inability to explain the problem right is more astounding.
>I made it do just that. It changes the innerHTML of an element in a child
page and - guess what - it doesn't use any javascript:void hack. You have
been reading too much VK.

No idea who that is, but my project requires protocrap.js as an external
constraint.
Then you can load it in the IFrame.

function loadJSFile(file URL){
var frameRef = window.frames['frameName']
var newScript = frameRef.docume nt.createElemen t('script');
newScript.type = "text/javascript";
newScript.src = fileURL;
frameRef.docume nt.getElementsB yTagName('head' )[0].appendChild(ne wScript);
}

loadJSFile('pat hToPrototype')

Then, prototype will be executed in the context of the IFrame and make
all it's "goodies" available to the IFrame.
Feel free to say it shares the bug with IE.
The bug isn't in IE though.
Thanks for upgrading your experiment, but for completeness you
could consider adding the javascript:void technique.
I didn't need it, I only made it to prove that it wasn't a bug in IE
which is what I said to start with.
Not sure why you call something that works on
many more browsers with many fewer lines of code a "hack"...
eval works also, do you use that over-extensively as well?
>Both of them have a div with the id of divToModify as you say your
document does. It uses the exact function I gave you to use. Now, what is
it about the "concept of the problem" is it that you think I don't
understand?

Yes, now that you have changed your position a great deal since my first
post, there are indeed fewer areas of misalignment.
That didn't answer the question though. I am still curious what it is
you think I don't understand with regards to the problem.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Dec 17 '06 #9
Randy Webb wrote:
And I posted code that does what you want it to do but it works,
flawlessly, in IE, so, where is the "bug"?
Forget the duplicate ID. FireFox updated the SPAN that Element.Update
targetted. IE threw an exception in the same situation. So there's a bug in
IE or prototype.js.
> function update_grinder( sauce)
{
var grinder = $('grinder');
grinder.src='ja vascript:void(f unction(){'+sau ce+'}())';
}

I never told you to use the .src attribute though, use the .text property.
This is amazing. When I was using the createElement trick, I was using the
..text property. 'grinder' is the IFRAME itself; I'm doing the equivalent of
writing javascript:aler t('yo') in your browser's address bar.
Then you can load it in the IFrame.
Once again, nobody is asking how to get prototype.js into the IFrame. It's
already there. Post of 12:20 AM: "That also includes prototype.js... "
eval works also, do you use that over-extensively as well?
All the time. And in C++ I abuse #define macros, in Perl I refuse to bless
hashes, in SQL I use DISTINCT and LIMIT, in Python I use tabs, in VB6 I use
concrete virtual base classes, in Ruby I, uh, also eval() a lot, in Fortran
I use 7-letter identifiers, and my Smalltalk selectors don't reveal intent.

Are you off your high-horse yet??

--
Phlip
http://www.greencheese.us/ZeekLand <-- NOT a blog!!!
Dec 17 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

16
1821
by: Phlip | last post by:
Javascripters: I have a page with an iframe inside. Let's say the iframe looks like this: <script src="/javascripts/prototype.js" type="text/javascript" /> .... <iframe id='grinder' src='sample.html' > </iframe> That prototype.js gives us goodies like $(). And sample.html looks a little
0
7679
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7996
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8191
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
0
6392
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5573
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5284
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3724
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
1
1289
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
1029
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.