Cross-site security, target and frames

[Kim Noer]

Hi there ...

I'm having some troubles getting a form posted back to a frame, which was
the 'launching' page to the popup.

Ie. I want to get 'thanksabunch.asp' to post back to the frame1 location

http://site1/frame1.asp launches https://site2/payment.asp which form post
to https://site2/thanksabunch.asp which form post to
http://site1/paymentreceived.asp

in 'thanksabunch.asp' I have a form which contains method="post"
name="payform" target="frame1", all this works in IE, but not in Firefox. So
what I want is a way to post the form data to 'paymentreceived.asp' in
'frame1'. I've fooled around with parent.document, but it list its parent as
'thanksabunch.asp'.

I'm quite sure I can't reach any object on site1, since there's some
cross-site security taking place, effectively preventing me from doing it.

 

[Kim Noer]

I'm having some troubles getting a form posted back to a frame, which
was the 'launching' page to the popup.

Is there really nobody that can help me out here? I'm pretty clueless on
what do to, so any help will be appriciated!

 

[Philip Ronan]

I'm quite sure I can't reach any object on site1, since there's some
cross-site security taking place, effectively preventing me from doing it.

I'm quite sure you're correct. So don't do it

Lately I've been receiving the odd email purporting to be from a major bank
asking clients to update their details. You click on the link in the email
and your browser opens a page in the spammer's website that spawns a pop-up
window and immediately redirects to a page in the bank's website. The pop-up
contains a form that asks you to fill in your credit card details, PIN
number, etc., so that the spammer can presumably empty your bank account
into theirs.

What you're attempting to do sounds very much like this sort of scam, and
I'm glad it isn't working.