469,592 Members | 2,026 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,592 developers. It's quick & easy.

IE 6 Bug - Is DHTML Becoming Too Powerful? Cross-domain scripting not allowed

Hello,
I really believe that IE 6 has a new (intentional?) bug that severely limits the capability of dhtml and cross domain scripting. Yesterday, I read an interesting article about the subject and it only supported my claim. The article explained why Microsoft will not be letting the IE DHTML Implementation get any more powerful than it already is. Microsoft has realized that an experienced DHTML developer can create a web application that looks and performs just like a desktop application. It doesn't take a rocket scientist to realize the impact that this will have on the sales of Microsoft's new Core Development Products and Technologies (WinForms, C#, .net).

After I read this article, I started to think about an .hta script that suddenly quit working when I upgraded from IE 5 to IE 6. The script used cross domain techniques but nothing really fancy. To make matters worse, I have tried extensively to update and fix my script with no luck. I still receive 'Access Denied' errors.

If you are interested, I have prepared a simple code example containing a dhtml 'one-liner' which demonstrates the cross domain scripting technique that I have been ranting about. To use the example, save the code to a file with the .hta extension. Double click the .hta file to execute it. The application is very simple. Select some text with your mouse and click the 'Get HTML' button. The button is suppose to (and did under IE 5) pop up an alert message that contains the HTML snippet which corresponds to your selection. To try and fix the script, I added the application="yes" attribute to the IFRAME Tag. According to the documentation, this is a new requirement for IE 6. It is suppose to lower the security constraints for the iframe, thus enabling cross domain scripting. It didn't work. Do take note that the example works when the html file in the iframe is on your local machine (example- change the 'src' attribute of the iframe to 'c:\file.htm' or something).

Code Example:
[HTML]<html>
<head>
<TITLE>Simple Cross Domain DHTML Mouse Selection Script</TITLE>
<HTA:APPLICATION ID="HTAEx"
APPLICATIONNAME="HTAEx"
ICON="e.ico"
WINDOWSTATE="normal">
</head>
<body>
<input type="button" value="Get HTML" onClick="getText()"><br><span><br>
<iframe Application="yes" src="http://msdn.microsoft.com" id="TheFrame" style="width: 100%; height: 85%"></iframe>
<script language=JScript>
function getText()
{
var doc = window.frames.TheFrame.document;
var text1 = doc.selection.createRange().htmlText;
alert(text1);
}
</script>
</body>
</html>[/HTML]

Let me know what you think.
Oct 8 '06 #1
3 2310
acoder
16,027 Expert Mod 8TB
Conspiracy theories, don't you just love 'em? ;)

JavaScript doesn't allow cross-domain access unless in reduced security, e.g. "file:" or when granted privileges. You can use Ajax which allows server-side code to be run without reloading the page - now that's a lot more powerful than DHTML!
May 19 '08 #2
gits
5,390 Expert Mod 4TB
hi ...

there are some common and known issues with cross-domain-requests and at this moment it is 'good' that JavaScript doesn't allow that ... but on the other hand you are limited in creating mashups and something like this and you have to make server-turn-arounds to achieve this with serverside request proxies etc. ... here is an interesting read about that ... which in short describes an idea where the developer could give permission to a cross-domain-request ... i think that would be a quite good solution for the need that often appears with that issue ...

kind regards
May 19 '08 #3
acoder
16,027 Expert Mod 8TB
Another method of cross-domain access is by using JSON with dynamic script tags.
May 20 '08 #4

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

19 posts views Thread by Arthur | last post: by
3 posts views Thread by Thomas Kemetmüller | last post: by
1 post views Thread by Catherine Lynn Smith | last post: by
21 posts views Thread by Nik Coughlin | last post: by
6 posts views Thread by Terry | last post: by
3 posts views Thread by cjl | last post: by
2 posts views Thread by Questman | last post: by
6 posts views Thread by petermichaux | last post: by
reply views Thread by suresh191 | last post: by
4 posts views Thread by guiromero | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.