document.domain problem

  • Thread starter raviviswanathan.81
  • Start date
R

raviviswanathan.81

Hello,

So we have a webmaster who sets document.domain to some domain. After
that, we try to create and inject text inside an iframe by getting the
iframeID.contentDocument (or iframeID.contentWindow.document for
MSIE). This results in an 'access denied' issue in MSIE (No problem in
Mozilla). Note that if there is document.domain initialization before
this iframe creation/content injection, there is no problem and all
works well.

To get around this issue, we tried to avoid accessing the iframe
document. Instead we assigned all the content to be injected to
iframe.src.
iframe.src='javascript:document.write("Contents to be injected")

This actually worked and even if there is a document.domain
declaration, we were able to successfully create and inject contents
inside the iframe.

The problem with this was that the maximum URL length in MSIE is 2K
characters. The value of iframe.src cannot be more than that. In our
case, we were going to be injecting contents over 2K all the time.
To address this, we did a work-around like this -
window.frames[iframe.name]['contents'] = "content to be injected";
iframe.src = 'javascript:document.write(window["contents"])';

When we do this, it again results in an 'access denied' issue in MSIE
when document.domain is set before creating the iframe. But when
document.domain is not set, this method works well (as is expected).

I think I have explained my problem here - I want to be able to inject
contents inside an iframe and at the same time, have it work when we
have assignments for document.domain (and other similar attributes)
before the iframe creation/injection.

Appreciate any good tips/advise.

Thanks
 
T

Thomas 'PointedEars' Lahn

So we have a webmaster who sets document.domain to some domain. After
that, we try to create and inject text inside an iframe by getting the
iframeID.contentDocument (or iframeID.contentWindow.document for
MSIE). This results in an 'access denied' issue in MSIE (No problem in
Mozilla). Note that if there is document.domain initialization before
this iframe creation/content injection, there is no problem and all
works well.

To get around this issue, we tried to avoid accessing the iframe
document. Instead we assigned all the content to be injected to
iframe.src.
iframe.src='javascript:document.write("Contents to be injected")

This actually worked
Click to expand...

It shouldn't. The `javascript:' proprietary URI scheme/pseudo-protocol is
intended to generate dynamic documents by evaluating a Program, of which the
result is the result of the last evaluated expression. Since
document.write() should not return anything, the result of the expression
and the program would be `undefined', and that should result in an empty
document if any.

So what is supposed to work is

iframe.src = "javascript:'Contents to be injected'";
and even if there is a document.domain declaration,
Click to expand...

There is no such thing. Probably you mean an _assignment_ to that property.
we were able to successfully create and inject contents inside the iframe.
Click to expand...

That should not be surprising as its domain is null or the empty string then.
The problem with this was that the maximum URL length in MSIE is 2K
characters.
Click to expand...

The maximum *URL length* in Internet Explorer is 2083 *characters*.
2K would be 2048 (characters), which is the maximum path length instead.

The value of iframe.src cannot be more than that. In our
case, we were going to be injecting contents over 2K all the time.
Click to expand...

One wonders why you go on lengths with all this nonsense when you could
simply replace the iframe element with another one to achieve the same.
To address this, we did a work-around like this -
window.frames[iframe.name]['contents'] = "content to be injected";
Click to expand...

Host objects should not be augmented, it is error-prone.
iframe.src = 'javascript:document.write(window["contents"])';

When we do this, it again results in an 'access denied' issue in MSIE
when document.domain is set before creating the iframe. But when
document.domain is not set, this method works well (as is expected).
Click to expand...

You should not expect it to work.
I think I have explained my problem here - I want to be able to inject
contents inside an iframe and at the same time, have it work when we
have assignments for document.domain (and other similar attributes)
before the iframe creation/injection.
Click to expand...

Why? The whole thing looks bogus.


PointedEars
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Firefox bug with Document.Domain 13
Access Denied - How to set document.domain when writing to new window 2
Access Denied error in IE6 when try to access to a IFRAME without src 2
document.domain / iframe woes 0
Logic Problem with BigInteger Method 2
IFRAME return currentURL from SAME DOMAIN 0
Problem with android and scrolling with <input textarea 5
Can't solve this problem from my university 7

Members online

No members online now.
Total: 24 (members: 1, guests: 23)
Robots: 403

Forum statistics

Threads
473,770
Messages
2,569,584
Members
45,075
Latest member
MakersCBDBloodSupport

Latest Threads

Top