Cross-Frame Scripting, IFRAME and https (access denied)

C

Cindy Lee

I'm trying to dynamically set the height of my Iframe. my https: main page
is calling another https in an Iframe. But i get an access denied error
from my javascript trying to call the parent document.

Main https page
<IFRAME APPLICATION="yes" style="width:100%;" id="iframename"
frameborder="no" scrolling="no" SRC="https://www.otherdomain.com">



otherdomain.com html
------------------------------------------------
<script>
function bodyheight() {
x = document.body.scrollHeight
parent.document.all.iframename.style.height = x
}
</script>
 
R

Randy Webb

Cindy said:
I'm trying to dynamically set the height of my Iframe. my https: main page
is calling another https in an Iframe. But i get an access denied error
from my javascript trying to call the parent document.

Main https page
<IFRAME APPLICATION="yes" style="width:100%;" id="iframename"
frameborder="no" scrolling="no" SRC="https://www.otherdomain.com">

And there, in your SRC attribute, is the source of your problems. You
are trying to script one domain from another and that is a *very*
serious breach of security. It doesn't matter that they both belong to
you, the browser doesn't care. They aren't the same domain.
otherdomain.com html
------------------------------------------------
<script>
function bodyheight() {
x = document.body.scrollHeight
parent.document.all.iframename.style.height = x

Further, that line will only work in IE and a very small list of other
browsers since its the only ones that support document.all
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top