By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,448 Members | 901 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,448 IT Pros & Developers. It's quick & easy.

window.onload

P: n/a

Why doesn't this seem to work?

var win; // window handle

function onloadfunction( arg ){ // replace cnn with google
win.navigate( "http://www.google.com" );// never executes
}

win = window.open("http://www.cnn.com", "win", ""); // open window
with CNN
win.onload = onloadfunction; // set onload funciton

but never see google displayed!

Jul 20 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Richard Bell wrote:
Why doesn't this seem to work?

var win; // window handle

function onloadfunction( arg ){ // replace cnn with google
win.navigate( "http://www.google.com" );// never executes
}

win = window.open("http://www.cnn.com", "win", ""); // open window
with CNN
win.onload = onloadfunction; // set onload funciton

but never see google displayed!


Because you can only have access to the object model of another page, if
you are coming from the same domain as the page you want to control.

This is a security feature of JavaScript, so I cannot bring a page up in
a frame, and run my code on it.

For instance, immagine I bring up www.yourBank.com, and for the login, I
replace the onsubmit method of the login form with my own function. I
could grab your username and password, and then submit the form.

This would be very bad:
////////////////////////////////////////////
var win;
var oldsubmit = null;

function onsubmitfunction {
// Here is your user name and password!!!!!
yourUsername = win.document.getElementById("Username");
yourPassword = win.document.getElementById("Password");
// send this data to your server, for storage
...
// run the old submit function, so everything looks the way it should
if(oldsubmit)
return oldsubmit();
else
return true;
}
function onloadfunction() {
// save the old submit function, and replace it with ours
oldsubmit = win.document.getElementById("LoginForm").onsubmit;
win.document.getElementById("LoginForm").onsubmit = onsubmitfunction;
}

win = window.open("http://www.yourBank.com", "win", "");
win.onload = onloadfunction;
///////////////////////////////////////////////

It is really just an example of how what you want to do could be a real
security risk.

Brian

Jul 20 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.