cross frame scripting

Discussion in 'Javascript' started by Vongza, Dec 26, 2005.

  1. Vongza

    Vongza Guest

    <html>
    <head>
    <title>Cross Frame Reference</title>
    <script language="javascript">
    function showThisTitle() {
    alert(document.title);
    }
    function showAnotherTitle() {
    try {
    alert(anotherWorld.document.title);
    }
    catch (e) {
    alert(e);
    }
    }
    </script>
    </head>
    <body>
    <iframe width="100%" height="50%" name="anotherWorld"
    src="http://www.google.co.kr/"></iframe><br><br>
    <div align="center">
    <input type="button" value="Show this title"
    onClick="showThisTitle();">
    <input type="button" value="Show iframe's title"
    onClick="showAnotherTitle();">
    </div>
    </body>
    </html>

    in the code above, i cannot get the document title of iframe.
    i have understood it was because of security problem.

    how can i get the title, (location.)href or (domain.)url of iframe
    beyond security problem?
     
    Vongza, Dec 26, 2005
    #1
    1. Advertising

  2. Vongza

    Danny Guest

    You can't :), mozilla points out to using a signed script, meaning, a
    script with some certificate to disable the security, coming from the
    domain loaded in the frame, but all that's on the server, not client.

    Danny
     
    Danny, Dec 26, 2005
    #2
    1. Advertising

  3. Vongza wrote:


    > <iframe width="100%" height="50%" name="anotherWorld"
    > src="http://www.google.co.kr/"></iframe>


    > how can i get the title, (location.)href or (domain.)url of iframe
    > beyond security problem?


    If the iframe contains a document loaded from the same origin as the
    parent document then script in the parent document can access
    window.frames.anotherWorld.location.href
    window.frames.anotherWorld.location.host
    window.frames.anotherWorld.document.title

    I am not sure what "beyond security problem" means, if you are looking
    for ways to script such a document on a remote host with script from
    your own document then on Windows instead of IE you could use HTA, HTML
    applications as there your script is not subjected to the same origin
    policy. Or you could write a Windows Script Host script to automate an
    IE browser window into which you load that URL, that way your Windows
    Script Host script has access to the objects IE exposes for the document.
    With Mozilla/Netscape you don't need an HTA but could write your own
    local HTML document referencing that external frame document and then
    your script in the local HTML document is able to request privileges to
    do stuff normally not allowed, e.g. access that frame. But that will
    only work if your own HTML document is being loaded locally and the
    browser users then in a dialog grants the script the privilege. If you
    have a document on a HTTP server then you need signed script.
    Here is an example, if you load that from the local file system in
    Mozilla or Firefox then every time a document has been loaded in the
    iframe the script requests the UniversalBrowserRead privilege for cross
    domain scripting, so the browser will fire up a dialog asking the user
    to grant or deny the privilege and if granted the script access the
    iframe and its document:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>requesting privilege in Mozilla</title>
    <script type="text/javascript">
    function output (text, tagName, parentNode) {
    tagName = tagName || 'p';
    parentNode = parentNode || document.body;
    var doc = parentNode.ownerDocument;
    var element = doc.createElement(tagName);
    element.appendChild(doc.createTextNode(text));
    parentNode.appendChild(element);
    }

    function privilegeTest () {
    if (typeof netscape != 'undefined' &&
    typeof netscape.security != 'undefined' &&
    typeof netscape.security.PrivilegeManager != 'undefined' &&
    typeof netscape.security.PrivilegeManager.enablePrivilege !=
    'undefined')
    {
    try {

    netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');
    try {
    var frame = window.frames.remoteFrame;
    output('location.href: ' + frame.location.href);
    output('location.host: ' + frame.location.host);
    output('title: ' + frame.document.title);
    var p = frame.document.getElementsByTagName('p')[0];
    if (p != null) {
    p.appendChild(p.ownerDocument.createTextNode(
    ' Kibology for all. '));
    }
    }
    catch (e1) {
    output('Error ' + e.message);
    }
    }
    catch (e) {
    output('Privilege not granted: ' + (typeof e == 'string' ? e :
    e.message));
    }
    }
    }
    </script>
    </head>
    <body>

    <h1>privilege test</h1>

    <div>
    <iframe name="remoteFrame"
    width="100%"
    height="400"
    onload="privilegeTest();"
    src="http://www.mozilla.com/"></iframe>
    </div>
    </body>
    </html>

    --

    Martin Honnen
    http://JavaScript.FAQTs.com/
     
    Martin Honnen, Dec 26, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. WT

    cross frame scripting

    WT, May 4, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    1,595
    bruce barker \(sqlwork.com\)
    May 4, 2006
  2. Cindy Lee
    Replies:
    1
    Views:
    427
    Randy Webb
    May 7, 2004
  3. NoCopy  na
    Replies:
    6
    Views:
    248
    NoCopy na
    Jun 21, 2005
  4. Replies:
    4
    Views:
    149
  5. Replies:
    11
    Views:
    164
Loading...

Share This Page