By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,351 Members | 1,437 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,351 IT Pros & Developers. It's quick & easy.

IE 6 Bug - Is DHTML Becoming Too Powerful? Cross-domain scripting not allowed

P: 2
I really believe that IE 6 has a new (intentional?) bug that severely limits the capability of dhtml and cross domain scripting. Yesterday, I read an interesting article about the subject and it only supported my claim. The article explained why Microsoft will not be letting the IE DHTML Implementation get any more powerful than it already is. Microsoft has realized that an experienced DHTML developer can create a web application that looks and performs just like a desktop application. It doesn't take a rocket scientist to realize the impact that this will have on the sales of Microsoft's new Core Development Products and Technologies (WinForms, C#, .net).

After I read this article, I started to think about an .hta script that suddenly quit working when I upgraded from IE 5 to IE 6. The script used cross domain techniques but nothing really fancy. To make matters worse, I have tried extensively to update and fix my script with no luck. I still receive 'Access Denied' errors.

If you are interested, I have prepared a simple code example containing a dhtml 'one-liner' which demonstrates the cross domain scripting technique that I have been ranting about. To use the example, save the code to a file with the .hta extension. Double click the .hta file to execute it. The application is very simple. Select some text with your mouse and click the 'Get HTML' button. The button is suppose to (and did under IE 5) pop up an alert message that contains the HTML snippet which corresponds to your selection. To try and fix the script, I added the application="yes" attribute to the IFRAME Tag. According to the documentation, this is a new requirement for IE 6. It is suppose to lower the security constraints for the iframe, thus enabling cross domain scripting. It didn't work. Do take note that the example works when the html file in the iframe is on your local machine (example- change the 'src' attribute of the iframe to 'c:\file.htm' or something).

Code Example:
<TITLE>Simple Cross Domain DHTML Mouse Selection Script</TITLE>
<input type="button" value="Get HTML" onClick="getText()"><br><span><br>
<iframe Application="yes" src="" id="TheFrame" style="width: 100%; height: 85%"></iframe>
<script language=JScript>
function getText()
var doc = window.frames.TheFrame.document;
var text1 = doc.selection.createRange().htmlText;

Let me know what you think.
Oct 8 '06 #1
Share this Question
Share on Google+
3 Replies

Expert Mod 15k+
P: 16,027
Conspiracy theories, don't you just love 'em? ;)

JavaScript doesn't allow cross-domain access unless in reduced security, e.g. "file:" or when granted privileges. You can use Ajax which allows server-side code to be run without reloading the page - now that's a lot more powerful than DHTML!
May 19 '08 #2

Expert Mod 5K+
P: 5,390
hi ...

there are some common and known issues with cross-domain-requests and at this moment it is 'good' that JavaScript doesn't allow that ... but on the other hand you are limited in creating mashups and something like this and you have to make server-turn-arounds to achieve this with serverside request proxies etc. ... here is an interesting read about that ... which in short describes an idea where the developer could give permission to a cross-domain-request ... i think that would be a quite good solution for the need that often appears with that issue ...

kind regards
May 19 '08 #3

Expert Mod 15k+
P: 16,027
Another method of cross-domain access is by using JSON with dynamic script tags.
May 20 '08 #4

Post your reply

Sign in to post your reply or Sign up for a free account.