In <cd**********@reader2.panix.com> KKramsch <ka*******************@yahooPERIODcom.invalid> writes:
In <40***************@agricoreunited.com> Grant Wagner <gw*****@agricoreunited.com> writes:
KKramsch wrote:
My code is generating this type of error:
Security Error: Content at http://nonexistent.org/somepage.html
may not load data from about:blank.
The "about:blank" page mentioned in the error message is a pop-up
window, whose content is 100% dynamically-generated, and which is
in fact *owes its existence* to code in the referring page
(nonexistent.org/somepage.html), along the lines of something like
window.open("", "pop-up", "width=450,height=300,resizable");
So, AFAICT, the error is spurious (i.e. there's really no security
breach). Is there any way to inform the browser that "about:blank"
does belong to nonexistent.org?
Thanks!
Karl
about:blank and any page loaded from your domain are indeed from
completely different domains, and should not be able to modify each
others' content.
Just use:
window.open("blank.htm" ...);
and in blank.htm:
<html>
<head>
<title>blank.htm</title>
</head>
<body onload="if (opener && opener.callBack) opener.callBack();">
</body>
</html>
Hi! Thanks! But isn't there a way to do this without requiring
a dummy blank.htm file being physically on the disk?
After my last post it occurred to me that it would be better to
post more code. The code in question belongs to a utilities
JavaScript "module" for use by all my CGI scripts; it includes the
following methods (error occurs in the console() method):
var Console;
function maybe_open_console() {
if (!Console || Console.closed) {
Console = window.open("","console","width=600,height=300,res izable");
}
try {
return Console.document && Console.document.open;
}
catch (ex) { return false; }
}
function console(msg) {
if (maybe_open_console()) {
var d = Console.document;
// The next line of code causes the security error
d.open("text/plain");
d.write(msg);
d.close();
}
}
The console() method is to be used for debugging purposes. It
pops up a window if necessary and writes a message to it. I have
indicated the line in it that causes the error.
Since I want this method to be usable by any CGI script, I'd like
to minimize dependencies on other files (such as a dummmy blank.htm
file somewhere below docroot).
Any suggestions on how to implement this would be much appreciated!
Karl
--
Sent from a spam-bucket account; I check it once in a blue moon. If
you still want to e-mail me, cut out the extension from my address,
and make the obvious substitutions on what's left.