Cross Domain scripting error??

Charles Crume

Hello;

My index.htm page (www.charlescrumesoftware.com for those interested in
looking) contains 3 frames (left = content, top right = logo, bottom right =
navigation). This domain name is registered with www.mydomain.com and is
stealth forwarded to www.ccthecomputerguy.com (where my *real* web site
currently lives). FWIW, I do this because in the 8+ years I've been on the
web, I've changed ISPs about 5 times and every change requires a new domain
(or problems transferring) and new email addresses requiring boatloads of
people to be notified. This way I have permanent web and e-mail addresses
even though I might change ISP's every six months. Anyway...

I am learning javascript and came up with an idea to adjust the sizes of the
frames primarily as a learning exercise, but also to do something useful --
a visual effect when my page starts. I've gotten everything to work on my
local machine (Win 98se and IE6) and when run directly from my *real* web
site www.ccthecomputerguy.com/index2.htm (I'm using "index2" for testing
purposes).

However, when I access the site from
www.charlescrumesoftware.com/index2.htm, I get "Error: top.frames.xxx is nil
or not an object" (at one time I was getting "Error: Access Denied" -- which
lead me to research cross domain issues on google).

However, now I'm not sure what the problem is or if there is really a "cross
domain" problem. I pretty sure the problem javascript statement is (I can
post more code if needed):

setTimeout("top.frames['xxx'].cols =" + new_params, i*delay_multiplier);

Can anyone help me out, provide some pointers/workarounds, or where to look
for more infomation?

TIA.

Charles...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/04

Jul 23 '05 #1

Subscribe Post Reply

4346

Hywel

In article <gc****************@fe1.columbus.rr.com>, Charles Crume
says...

However, now I'm not sure what the problem is or if there is really a "cross
domain" problem. I pretty sure the problem javascript statement is (I can
post more code if needed):

setTimeout("top.frames['xxx'].cols =" + new_params, i*delay_multiplier);

Can anyone help me out, provide some pointers/workarounds, or where to look
for more infomation?

If top.frame is from a different domain, you can't set variables in it.

--
Hywel I do not eat quiche
http://kibo.org.uk/
http://kibo.org.uk/mfaq.php

Jul 23 '05 #2

Charles Crume

Hi Hywel;

"Hywel" <hy**********@hotmail.com> wrote in message
news:MP************************@news.individual.ne t...

In article <gc****************@fe1.columbus.rr.com>, Charles Crume
says...
However, now I'm not sure what the problem is or if there is really a "cross domain" problem. I pretty sure the problem javascript statement is (I can post more code if needed):

setTimeout("top.frames['xxx'].cols =" + new_params, i*delay_multiplier);
Can anyone help me out, provide some pointers/workarounds, or where to look for more infomation?

If top.frame is from a different domain, you can't set variables in it.

Right, I know this, but the error message is pretty vague (for us javascript
newbies). I'm understanding most of the stuff people tell me and the stuff I
read -- but having a some difficulty in retaining it all in my head and
keeping it straight. So, if you can bear with me...

As I understand it your pretty much telling me I've got a cross domain
problem because, when www.charlescrumesoftware.com/index2.htm loads the
frames, the frame content comes from page on www.ccthecomputerguy.com and as
this is a different domain I cannot alter the frame contents. Am I correct
so far?

I've read about the document.domain property, and my understanding is that
it only work for the same domain suffix (which is not my case).

Could the initial index2.htm page load a page from www.ccthecomputerguy.com
which could then load the frames and avoid this problem?

TIA.

Charles...

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.683 / Virus Database: 445 - Release Date: 5/12/04

Jul 23 '05 #3

Hywel

In article <Gl***************@fe1.columbus.rr.com>, Charles Crume
says...

Hi Hywel;

"Hywel" <hy**********@hotmail.com> wrote in message
news:MP************************@news.individual.ne t...
In article <gc****************@fe1.columbus.rr.com>, Charles Crume
says...
However, now I'm not sure what the problem is or if there is really a "cross domain" problem. I pretty sure the problem javascript statement is (I can post more code if needed):

setTimeout("top.frames['xxx'].cols =" + new_params, i*delay_multiplier);
Can anyone help me out, provide some pointers/workarounds, or where to look for more infomation?
If top.frame is from a different domain, you can't set variables in it.

Right, I know this, but the error message is pretty vague (for us javascript
newbies).

Is it? It's telling you that access to the variable you're after is
denied. That's pretty much it.

As I understand it your pretty much telling me I've got a cross domain
problem because, when www.charlescrumesoftware.com/index2.htm loads the
frames, the frame content comes from page on www.ccthecomputerguy.com
Yes.

and as
this is a different domain I cannot alter the frame contents. Am I correct
so far?
No. You can alter the *frame* contents (ie. load another document into
the frame) but you can't alter the content of a document that's already
in the frame if that document is from another domain.

Could the initial index2.htm page load a page from www.ccthecomputerguy.com
which could then load the frames and avoid this problem?

If they're both your domains why bother with all this cross-domain crap.
Structure the site properly and run it from the same domain.
--
Hywel I do not eat quiche
http://kibo.org.uk/
http://kibo.org.uk/mfaq.php

Jul 23 '05 #4

Charles Crume

[snip]

Right, I know this, but the error message is pretty vague (for us javascript newbies).

Is it? It's telling you that access to the variable you're after is
denied. That's pretty much it.

Yes, it really is!! The message does not say access is denied *or why*, it
says "top.frames.xxx" is null or not an object (which is correct) -- but to
a newbie it *is* an object. Of course, once one understands the intricacies,
interactions, and security features of javascript (i.e., gets more and more
experience) this stuff becomes known and remembered.

[snip]

and as
this is a different domain I cannot alter the frame contents. Am I correct so far?

No. You can alter the *frame* contents (ie. load another document into
the frame) but you can't alter the content of a document that's already
in the frame if that document is from another domain.

Well, excuse me for being a little dense here, but while index2.htm is
loaded from a forwarded domain, the frame contents are loaded from the main
domain. I guess I'm just not understanding exactly what is transpiring
during this sequence of events :-( Hopefully the light will come -- and
soon I hope.

Could the initial index2.htm page load a page from www.ccthecomputerguy.com which could then load the frames and avoid this problem?

If they're both your domains why bother with all this cross-domain crap.
Structure the site properly and run it from the same domain.

I explained the reason why in my initial post. I have no idea what
"structure the site properly" means. Everything on my site WAD except this
frame issue.

Hopefully, I'll come up with a solution.

Thanks for your time and patience.

Charles...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.683 / Virus Database: 445 - Release Date: 5/12/04

Jul 23 '05 #5

Richard Cornford

Charles Crume wrote:
<snip>

Well, excuse me for being a little dense here, but while index2.htm is
loaded from a forwarded domain, the frame contents are loaded from
the main domain. I guess I'm just not understanding exactly what is
transpiring during this sequence of events :-( Hopefully the light
will come -- and soon I hope.

<snip>

What you re not taking into account is how the "stealth" forwarding is
done. What happens is that when a request for -
www.charlescrumesoftware.com/ ... - is made www.mydomain.com returns a
(probably dynamically generated) frameset page that only has one frame,
and that frame loads the corresponding URL from -
www.ccthecomputerguy.com -.

The effect is that when your index2.htm frameset arrives in the browser
it is itself within a frame, and that frame is the - top - frame and is
from another domain and so subject to security restrictions. However,
index2.htm and the contents of its frames are all from the same domain
so they can interact.

Your solution probably goes back to what I said earlier in the week, -
top - refers to the topmost frameset page (the one from
mydomain.com/www.charlescrumesoftware.com), but - from -
www.ccthecomputerguy.com/navigate2.htm - the - parent - reference will
refer to the immediately containing frameset page -
www.ccthecomputerguy.com/index2.htm - which is the frameset page you are
actually interested in interacting with, and is not subject to security
restrictions when accessed from navigate2.htm.

Richard.

Jul 23 '05 #6

Charles Crume

Hello Richard;

I have a "light" -- still dim, but at least it's working <g>

"Richard Cornford" <Ri*****@litotes.demon.co.uk> wrote in message
news:c8*******************@news.demon.co.uk...

[snip]

What you re not taking into account is how the "stealth" forwarding is
done. What happens is that when a request for -
www.charlescrumesoftware.com/ ... - is made www.mydomain.com returns a
(probably dynamically generated) frameset page that only has one frame,
and that frame loads the corresponding URL from -
www.ccthecomputerguy.com -.
Ah-hah! This is the piece of information that has allowed me to understand
what is happening.

[snip]
Your solution probably goes back to what I said earlier in the week, -
top - refers to the topmost frameset page (the one from
mydomain.com/www.charlescrumesoftware.com), but - from -
www.ccthecomputerguy.com/navigate2.htm - the - parent - reference will
refer to the immediately containing frameset page -

Yes, yes -- I understand now what you have been telling me!!! Like I
mentioned earlier all the things you, and others, have been telling me make
sense, but keeping them in my head and making use of them has been somewhat
elusive -- I read right over what you had told me and *missed* your point.

I am making headway and want to thank you for your time, courteous
explanations, and patience.

Thanks again.

Charles...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.686 / Virus Database: 447 - Release Date: 5/14/04

Jul 23 '05 #7

Similar topics

Cross domain scripting with xmlhttp

by: VA | last post by:

This has come up before but I am not sure if the latest versions of IE and FF change the answer. A script running on a webpage served up by http://foo.something.com should be able to do...

Javascript

cross frame scripting

by: Vongza | last post by:

<html> <head> <title>Cross Frame Reference</title> <script language="javascript"> function showThisTitle() { alert(document.title); } function showAnotherTitle() { try {...

Javascript

Cross-frame location.reload()

by: permanent.tourist | last post by:

I'm having a hell of a job getting this to work in Safari: the only thing I can think of is that one can't use reload() across to another frame for security reasons. Does anyone have a concrete...

Javascript

IE "Mark of the Web" cross-frame scripting?

by: taoberly | last post by:

A few months ago I posted a question about using a file on my hard drive to perform cross-frame scripting and pull data from a server on my company's intranet. I eventually got this working using...

Javascript

IE 6 Bug - Is DHTML Becoming Too Powerful? Cross-domain scripting not allowed

by: aspmonger | last post by:

Hello, I really believe that IE 6 has a new (intentional?) bug that severely limits the capability of dhtml and cross domain scripting. Yesterday, I read an interesting article about the subject and...

Javascript

Cross-Domain-Scripting

by: torsten.reiners | last post by:

Hi, We try to implement a "web-application" where we have to access a general web-site -- loaded into a frame -- from another frame using JavaScript. We know that there are security issues...

Javascript

Cross domain Scripting

by: dmjpro | last post by:

Basically we know that JavaScript does not support cross domain scripting. But today i heard that Google does support cross domain scripting. Is that true ..if true then please explain.

Javascript

Cross-domain cookie updating ?

by: Stevo | last post by:

I'm guessing this is a laughably obvious answer to many here, but it's not to me (and I don't have a server or any knowledge of PHP to be able to try it). It's not strictly a PHP question, but...

PHP

cross-domain

by: ampo | last post by:

Hello. Can anyone help with cross-domain problem? I have HTML page from server1 that send xmlHTTPRequest to server2. How can I do it? Thanks.

Javascript

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

Windows Server

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

Career Advice

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Microsoft Access / VBA

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...

C# / C Sharp