
permission denied to access window object

Hi,

I know that frames/windows can't access properties inside another
frame/window that comes from a different domain. But could this call
violate the security

window.parent

if the window comes from a different domain?

I know it is safe to call window.location.

thank you!
Jul 7 '08 #1


"ja********@gmail.com" <ja********@gmail.com> writes:

> Hi,
>
> I know that frames/windows can't access properties inside another
> frame/window that comes from a different domain. But could this call
> violate the security
>
> window.parent
>
> if the window comes from a different domain?

IIRC, window.parent is normally safe, but it's *not* allowed to access
any (or at least, most) of the properties of window.parent if that
refers to a document from another domain.

> I know it is safe to call window.location.

Well, yeah. By definition that refers to the current frame's
location. window is the global object.

--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
Jul 7 '08 #2

On Jul 7, 10:44 pm, "jackcha...@gmail.com" wrote:

> I know that frames/windows can't access properties
> inside another frame/window that comes from a different
> domain. But could this call violate the security
>
> window.parent
>
> if the window comes from a different domain?

That is not a "call", it is a property accessor. There are no security
implications in evaluating the code - window.parent - because the
result of that evaluation is an instance of the internal Reference
type with its 'base' property set to whichever object the Identifier
'window' evaluated as (probably the current window/global object) and
its 'property name' property containing the string 'parent'.

> I know it is safe to call window.location.

In some environments perhaps, but there is nothing that suggests that
all - location - objects will be (or should be) callable, and most
certainly are not.
Jul 8 '08 #3
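
An added example (not code from any poster in this thread) of what the replies describe: evaluating window.parent succeeds, while reading a property of a parent from another domain is refused. Node has no browser windows, so a Proxy stands in for the cross-origin window; makeCrossOriginWindow, describeParent and the sample objects are hypothetical names, and the allowlist is the set of Window properties the HTML standard leaves readable across origins.

```javascript
// Constructed stand-in for a browser Window that belongs to another
// origin: a short allowlist of properties is readable, everything else
// throws. (Location has its own restrictions, which are not modelled here.)
const CROSS_ORIGIN_READABLE = new Set([
  "window", "self", "location", "close", "closed", "focus", "blur",
  "frames", "length", "top", "opener", "parent", "postMessage",
]);

function makeCrossOriginWindow(target) {
  return new Proxy(target, {
    get(obj, prop) {
      if (typeof prop === "string" && !CROSS_ORIGIN_READABLE.has(prop)) {
        // Current browsers raise a DOMException named "SecurityError";
        // browsers of 2008 reported "Permission denied" instead.
        const err = new Error(`Permission denied to access property "${prop}"`);
        err.name = "SecurityError";
        throw err;
      }
      return obj[prop];
    },
  });
}

// Classify a frame's relationship to its parent without letting a
// refused property read escape as an uncaught exception.
function describeParent(win) {
  const parent = win.parent;          // obtaining the reference never throws
  if (parent === win) return "top-level";
  try {
    void parent.document;             // a read outside the allowlist is the probe
    return "same-origin parent";
  } catch (e) {
    if (e.name === "SecurityError") return "cross-origin parent";
    throw e;                          // unrelated failure: do not mask it
  }
}

// Constructed sample windows.
const topWin = { document: { title: "host page" } };
topWin.parent = topWin;               // a top-level window is its own parent
const sameOriginFrame = { document: {}, parent: topWin };
const foreignFrame = { document: {}, parent: makeCrossOriginWindow(topWin) };

for (const w of [topWin, sameOriginFrame, foreignFrame]) {
  console.log(describeParent(w));
}
```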
