Firefox security question

Discussion in 'Javascript' started by jahearn, Feb 9, 2006.

  1. jahearn

    jahearn Guest

    These are really questions about xsite scripting security. I'm trying to
    do a couple things using Firefox browser:

    1. Need to detect any mouse click in a frame loaded with a page from an
    unknown domain. Don't care what they've clicked on. Just want to know
    if they clicked within the frame.

    2. Need to keep history of the URLs for the webpages loaded within a
    frame.

    Thanks,
    J
    jahearn, Feb 9, 2006
    #1

  2. jahearn

    Randy Webb Guest

    jahearn said the following on 2/8/2006 7:19 PM:
    > These are really questions about xsite scripting security. I'm trying to
    > do a couple things using Firefox browser:
    >
    > 1. Need to detect any mouse click in a frame loaded with a page from an
    > unknown domain. Don't care what they've clicked on. Just want to know
    > if they clicked within the frame.


    You and damn near every thief and spammer on the web.

    > 2. Need to keep history of the URLs for the webpages loaded within a
    > frame.


    Yeah right. Give up now.
    Where I go is my business, not yours.
    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Feb 9, 2006
    #2

  3. jahearn

    jahearn Guest

    Well, it's my business if I'm writing a product that you purchased,
    assuming you want it to work well.
    jahearn, Feb 9, 2006
    #3
  4. jahearn

    Randy Webb Guest

    jahearn said the following on 2/9/2006 2:58 AM:
    > Well, it's my business if I'm writing a product that you purchased,


    I wouldn't purchase a product from someone who lacked the ability to
    read an FAQ and then follow its requested guidelines on quoting.

    > assuming you want it to work well.


    Everybody wants everything to work well but not everything can be made
    to work well, and especially not this hair-brained scheme of yours.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Feb 9, 2006
    #4
  5. jahearn

    jahearn Guest

    Randy said the following on 2/9/2006 12:51 am:

    >I wouldn't purchase a product from someone who lacked the ability to
    >read an FAQ and then follow its requested guidelines on quoting.


    >Everybody wants everything to work well but not everything can be made
    >to work well, and especially not this hair-brained scheme of yours.


    Ha! What an angry and silly little person you are!

    You write on this newsgroup a lot. Why waste time making your silly
    little comments (doesn't the faq say something about this)? Either
    leave some useful information or don't reply at all and move on.

    This scheme you refer to is not mine I assure you. In fact, I informed
    the "schemer" that his ideas were likely not possible using javascript
    because of security issues, but I'd be happy to look into what might
    be possible with Firefox. I was willing to try because the behavior
    he's hoping for is by no means nefarious or intrusive, and because I
    know I can duplicate this behavior via other means, albeit at a much
    higher cost. My time is limited, so posting here seemed a good
    solution at the time. Wasn't expecting that the first set of replies
    would be so childish though.
    jahearn, Feb 9, 2006
    #5
  6. jahearn

    Randy Webb Guest

    jahearn said the following on 2/9/2006 12:12 PM:
    > Randy said the following on 2/9/2006 12:51 am:
    >
    >> I wouldn't purchase a product from someone who lacked the ability to
    >> read an FAQ and then follow its requested guidelines on quoting.

    >
    >> Everybody wants everything to work well but not everything can be made
    >> to work well, and especially not this hair-brained scheme of yours.

    >
    > Ha! What an angry and silly little person you are!


    "angry"? Not in the least. "Silly"? I gave you the best answer you can
    get. You can not cross-domain script - it is a security violation. So in
    Firefox you can't do what you are wanting to do.

    > You write on this newsgroup a lot. Why waste time making your silly
    > little comments (doesn't the faq say something about this)? Either
    > leave some useful information or don't reply at all and move on.


    http://jibbering.com/faq/#FAQ4_19

    <quote>
    In the normal browser security model, it is impossible for a script from
    one domain to access the properties of pages served from another domain,
    or a different protocol. Any attempt to access a property in such cases
    will result in a "Permission Denied" error. Signed scripts or trusted
    ActiveX objects can overcome this in limited situations.
    </quote>

    Means that in a default security environment you can't do what you are
    wanting to do. But think about the implications if you could do it.

    Some hacker wannabe puts your bank website in an IFrame that is set at
    100% width and height and then copies your username and password and
    posts it in another form to his own server. It doesn't take long to see
    why you can't do it.

    And just because you didn't get the exact answer you wanted doesn't make
    me silly and angry, you have to do some research of your own and this
    very question is so frequently asked that it is in the FAQ for this group.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Feb 9, 2006
    #6
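
The comparison behind the "Permission Denied" error quoted from the FAQ in post #6, as an added example that is not part of the thread. It goes slightly beyond the FAQ text by also covering ports and opaque origins; the function names are hypothetical and the URLs are constructed samples.

```javascript
// Added illustration of the same-origin comparison; names are hypothetical.
// Returns the serialised origin (scheme + host + port) or null if it is opaque.
function originOf(url) {
  const u = new URL(url);
  // data:, file: and similar URLs have an opaque origin, serialised as "null".
  if (u.origin === "null") return null;
  return u.origin; // default ports (80/443) are already normalised away
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  // An opaque origin matches nothing, not even another opaque origin.
  if (oa === null || ob === null) return false;
  return oa === ob;
}

// Models what a parent page gets when its script touches a framed document.
function readFrameProperty(parentUrl, frameUrl, prop) {
  if (!sameOrigin(parentUrl, frameUrl)) {
    throw new Error(`Permission denied to get property ${prop}`);
  }
  return `${prop} of ${frameUrl}`;
}

// Runs the check for every frame and records the verdict.
function report(parentUrl, frames) {
  return frames.map((f) => {
    try {
      readFrameProperty(parentUrl, f, "location.href");
      return [f, "allowed"];
    } catch (e) {
      return [f, "denied"];
    }
  });
}

// Constructed sample URLs.
const PARENT = "https://app.example.com/page.html";
const FRAMES = [
  "https://app.example.com:443/other.html", // same origin, explicit default port
  "http://app.example.com/other.html",      // different protocol
  "https://app.example.com:8443/",          // different port
  "https://www.example.com/",               // different host
  "data:text/html,hi",                      // opaque origin
];
for (const [f, verdict] of report(PARENT, FRAMES)) {
  console.log(verdict.padEnd(8), f);
}
```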
  7. JRS: In article <>, dated
    Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
    Randy Webb <> posted :
    >jahearn said the following on 2/9/2006 2:58 AM:
    >> Well, it's my business if I'm writing a product that you purchased,

    >
    >I wouldn't purchase a product from someone who lacked the ability to
    >read an FAQ and then follow its requested guidelines on quoting.
    >
    >> assuming you want it to work well.

    >
    >Everybody wants everything to work well but not everything can be made
    >to work well, and especially not this hair-brained scheme of yours.


    .... hare-brained. It refers to the activities of leporines,
    particularly in March. There's a book by a chap called Webster, though
    Dr Murray's is better.

    --
    © John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 IE 4 ©
    <URL:http://www.jibbering.com/faq/> JL/RC: FAQ of news:comp.lang.javascript
    <URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
    <URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
    Dr John Stockton, Feb 10, 2006
    #7
  8. jahearn

    Randy Webb Guest

    Dr John Stockton said the following on 2/10/2006 4:23 PM:
    > JRS: In article <>, dated
    > Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
    > Randy Webb <> posted :
    >> jahearn said the following on 2/9/2006 2:58 AM:
    >>> Well, it's my business if I'm writing a product that you purchased,

    >> I wouldn't purchase a product from someone who lacked the ability to
    >> read an FAQ and then follow its requested guidelines on quoting.
    >>
    >>> assuming you want it to work well.

    >> Everybody wants everything to work well but not everything can be made
    >> to work well, and especially not this hair-brained scheme of yours.

    >
    > .... hare-brained.


    Had I meant hare-brained instead of hair-brained then I would have,
    undoubtedly, written hare-brained. Understand my intentions before you
    insert your foot by trying to correct me. You are starting to get a TPEL
    type attitude.

    > It refers to the activities of leporines, particularly in March.


    Yours may, mine didn't.

    > There's a book by a chap called Webster, though
    > Dr Murray's is better.


    But both of them suck so neither is of much use to me.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Feb 14, 2006
    #8
  9. JRS: In article <>, dated Tue, 14 Feb
    2006 16:57:22 remote, seen in news:comp.lang.javascript, Randy Webb
    <> posted :
    >Dr John Stockton said the following on 2/10/2006 4:23 PM:
    >> JRS: In article <>, dated
    >> Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
    >> Randy Webb <> posted :


    >>> to work well, and especially not this hair-brained scheme of yours.

    >>
    >> .... hare-brained.

    >
    >Had I meant hare-brained instead of hair-brained then I would have,
    >undoubtedly, written hare-brained. Understand my intentions before you
    >insert your foot by trying to correct me. You are starting to get a TPEL
    > type attitude.
    >
    >> It refers to the activities of leporines, particularly in March.

    >
    >Yours may, mine didn't.
    >
    >> There's a book by a chap called Webster, though
    >> Dr Murray's is better.

    >
    >But both of them suck so neither is of much use to me.


    Well, you clearly don't use correct British English; and you don't use
    ordinary American English either; and you don't accept their most
    authoritative references. Can you tell us what dictionary you do use,
    and whether it's publicly available and if so its publisher?

    --
    © John Stockton, Surrey, UK. ???@merlyn.demon.co.uk Turnpike v4.00 MIME. ©
    Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
    Check boilerplate spelling -- error is a public sign of incompetence.
    Never fully trust an article from a poster who gives no full real name.
    Dr John Stockton, Feb 15, 2006
    #9
  10. jahearn

    Randy Webb Guest

    [OT] JRS Pedantics (was Re: Firefox security question)

    Dr John Stockton said the following on 2/15/2006 8:48 AM:
    > JRS: In article <>, dated Tue, 14 Feb
    > 2006 16:57:22 remote, seen in news:comp.lang.javascript, Randy Webb
    > <> posted :
    >> Dr John Stockton said the following on 2/10/2006 4:23 PM:
    >>> JRS: In article <>, dated
    >>> Thu, 9 Feb 2006 03:51:35 remote, seen in news:comp.lang.javascript,
    >>> Randy Webb <> posted :

    >
    >>>> to work well, and especially not this hair-brained scheme of yours.
    >>> .... hare-brained.

    >> Had I meant hare-brained instead of hair-brained then I would have,
    >> undoubtedly, written hare-brained. Understand my intentions before you
    >> insert your foot by trying to correct me. You are starting to get a TPEL
    >> type attitude.
    >>
    >>> It refers to the activities of leporines, particularly in March.

    >> Yours may, mine didn't.
    >>
    >>> There's a book by a chap called Webster, though
    >>> Dr Murray's is better.

    >> But both of them suck so neither is of much use to me.

    >
    > Well, you clearly don't use correct British English;


    Considering that I am not British, have never claimed to be British and
    have even stated so before now, you are mastering the obvious John. I
    thought better of you than that.

    > and you don't use ordinary American English either;


    Coming from someone who has such a hatred toward anything American, I
    find it ironic that you would claim to have such a vast knowledge of the
    American language, its intricacies and its dialects. You don't.

    > and you don't accept their most authoritative references.


    You should read Henry David Thoreau's "Civil Disobedience".

    > Can you tell us what dictionary you do use,


    The two on my desk.

    > and whether it's publicly available


    Of course they are. How else did I buy them?

    > and if so its publisher?


    What this has to do with anything, other than an attempt to be pedantic,
    only your mind understands.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Feb 16, 2006
    #10