473,473 Members | 1,893 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

document.domain problem

Hello,

So we have a webmaster who sets document.domain to some domain. After
that, we try to create and inject text inside an iframe by getting the
iframeID.contentDocument (or iframeID.contentWindow.document for
MSIE). This results in an 'access denied' issue in MSIE (No problem in
Mozilla). Note that if there is document.domain initialization before
this iframe creation/content injection, there is no problem and all
works well.

To get around this issue, we tried to avoid accessing the iframe
document. Instead we assigned all the content to be injected to
iframe.src.
iframe.src='javascript:document.write("Contents to be injected")

This actually worked and even if there is a document.domain
declaration, we were able to successfully create and inject contents
inside the iframe.

The problem with this was that the maximum URL length in MSIE is 2K
characters. The value of iframe.src cannot be more than that. In our
case, we were going to be injecting contents over 2K all the time.
To address this, we did a work-around like this -
window.frames[iframe.name]['contents'] = "content to be injected";
iframe.src = 'javascript:document.write(window["contents"])';

When we do this, it again results in an 'access denied' issue in MSIE
when document.domain is set before creating the iframe. But when
document.domain is not set, this method works well (as is expected).

I think I have explained my problem here - I want to be able to inject
contents inside an iframe and at the same time, have it work when we
have assignments for document.domain (and other similar attributes)
before the iframe creation/injection.

Appreciate any good tips/advise.

Thanks

Nov 8 '08 #1
1 6491
ra****************@gmail.com wrote:
So we have a webmaster who sets document.domain to some domain. After
that, we try to create and inject text inside an iframe by getting the
iframeID.contentDocument (or iframeID.contentWindow.document for
MSIE). This results in an 'access denied' issue in MSIE (No problem in
Mozilla). Note that if there is document.domain initialization before
this iframe creation/content injection, there is no problem and all
works well.

To get around this issue, we tried to avoid accessing the iframe
document. Instead we assigned all the content to be injected to
iframe.src.
iframe.src='javascript:document.write("Contents to be injected")

This actually worked
It shouldn't. The `javascript:' proprietary URI scheme/pseudo-protocol is
intended to generate dynamic documents by evaluating a Program, of which the
result is the result of the last evaluated expression. Since
document.write() should not return anything, the result of the expression
and the program would be `undefined', and that should result in an empty
document if any.

So what is supposed to work is

iframe.src = "javascript:'Contents to be injected'";
and even if there is a document.domain declaration,
There is no such thing. Probably you mean an _assignment_ to that property.
we were able to successfully create and inject contents inside the iframe.
That should not be surprising as its domain is null or the empty string then.
The problem with this was that the maximum URL length in MSIE is 2K
characters.
The maximum *URL length* in Internet Explorer is 2083 *characters*.
2K would be 2048 (characters), which is the maximum path length instead.

<http://support.microsoft.com/kb/208427>
The value of iframe.src cannot be more than that. In our
case, we were going to be injecting contents over 2K all the time.
One wonders why you go on lengths with all this nonsense when you could
simply replace the iframe element with another one to achieve the same.
To address this, we did a work-around like this -
window.frames[iframe.name]['contents'] = "content to be injected";
Host objects should not be augmented, it is error-prone.
iframe.src = 'javascript:document.write(window["contents"])';

When we do this, it again results in an 'access denied' issue in MSIE
when document.domain is set before creating the iframe. But when
document.domain is not set, this method works well (as is expected).
You should not expect it to work.
I think I have explained my problem here - I want to be able to inject
contents inside an iframe and at the same time, have it work when we
have assignments for document.domain (and other similar attributes)
before the iframe creation/injection.
Why? The whole thing looks bogus.
PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16
Nov 8 '08 #2
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
domain problem in asp
by: Rahul Chatterjee | last post by:
Hello all I have a web page which has 3 frames. The top and the left navigation frames are on a separate domain. The right display frame initially starts on the same domain as the other two...
Latest Bytes
2
Changeing document.domain to a different domain
by: Cindy Lee | last post by:
Can this be done in https? If the page I'm on is at 'www.abc.com' can I: document.domain='www.def.com' i get invalid argument if i do that? Is there anyway around this?
Latest Bytes
1
document.domain issues and cross server scripting
by: writeson | last post by:
Hi all, I'm working on a project at the office that pulls together a bunch of our websites into a portal thing and adds a better search engine. We're also trying to accomadate newer browsers...
Latest Bytes
2
Access Denied - How to set document.domain when writing to new window
by: johkar | last post by:
I am getting an Access denied error when I write to a new window. The situation and code are outlined below. I am setting the domain in the main window. The problem is that the window I am...
Latest Bytes
1
Can't set document.domain
by: jkeel | last post by:
Can't seem to figure this out ... I'm trying to do some cross-frame scripting and ... When I do an alert(document.domain) in the onload event of the body I get an empty alert box. Then when...
Latest Bytes
1
document.domain for cross domain access with AHAH
by: vegetablebeef | last post by:
I know cross domain stuff has been discussed here before but I could not find a answer to my issue. I am a designer that does "hunt and peck" coding so again please excuse my lack of technical savy....
Latest Bytes
1
Document "); and Document '); Confusing problem
by: abcbook | last post by:
Can anyone explain a get around for this .js file I’m trying to create or tell me if there is one or what am I missing. I Do Not what to put the form Directly on the HTML Page. This .js file will...
Latest Bytes
3
Re: document.domain obsoleted?
by: Alejandro Rivero | last post by:
On 18 abr, 19:50, Thomas 'PointedEars' Lahn <PointedE...@web.de> wrote: I see. I was mislead due to some hints on the contrary, as well as my bad memory and the fact that actually it applies...
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Latest Bytes
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
1
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
Latest Bytes
0
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us