Firefox security question

[jahearn]

This are really questions about xsite scripting security. I'm trying to
do a couple things using Firefox browser:

1. Need to detect any mouse click in a frame loaded with a page from an
unknown domain. Don't care what they've clicked on. Just want to know
if they clicked within the frame.

2. Need to keep history of the URLs for the webpages loaded within a
frame.

Thanks,
J

 

[Randy Webb]

jahearn said the following on 2/8/2006 7:19 PM:

This are really questions about xsite scripting security. I'm trying to
do a couple things using Firefox browser:

1. Need to detect any mouse click in a frame loaded with a page from an
unknown domain. Don't care what they've clicked on. Just want to know
if they clicked within the frame.

You and damn near every thief and spammer on the web.

2. Need to keep history of the URLs for the webpages loaded within a
frame.

Yeah right. Give up now.
Where I go is my business, not yours.

 

[jahearn]

Well, it's my business if I'm writing an product that you purchased,
assuming you want it to work well.

 

[Randy Webb]

jahearn said the following on 2/9/2006 2:58 AM:

Well, it's my business if I'm writing an product that you purchased,

I wouldn't purchase a product from someone who lacked the ability to
read an FAQ and then following it's requested guidelines on quoting.

assuming you want it to work well.

Everybody wants everything to work well but not everything can be made
to work well, and especially not this hair-brained scheme of yours.

 

[jahearn]

Randy said the following on 2/9/2006 12:51 am:

I wouldn't purchase a product from someone who lacked the ability to
read an FAQ and then following it's requested guidelines on quoting.

Everybody wants everything to work well but not everything can be made
to work well, and especially not this hair-brained scheme of yours.

Ha! What an angry and silly little person you are!

You write on this newsgroup a lot. Why waste time making your silly
little comments (doesn't the faq say something about this)? Either
leave some useful information or don't reply at all and move on.

This scheme you refer to is not mine I assure you. In fact, I informed
the "schemer" that his ideas were likely not possible using javascript
because of security issues, but I'd be happy to look into what might
be possible with Firefox. I was willing to try because the behavior
he's hoping for is by no means nefarious or intrusive, and because I
know I can duplicate this behavior via other means, albeit at a much
higher cost. My time is limited, so posting here seemed a good
solution at the time. Wasn't expecting that the first set of replies
would be so childish though.

 

[Randy Webb]

jahearn said the following on 2/9/2006 12:12 PM:

Randy said the following on 2/9/2006 12:51 am:



Ha! What an angry and silly little person you are!

"angry"? Not in the least. "Silly"? I gave you the best answer you can
get. You can not cross-domain script - it is a security violation. So in
Firefox you can't do what you are wanting to do.

You write on this newsgroup a lot. Why waste time making your silly
little comments (doesn't the faq say something about this)? Either
leave some useful information or don't reply at all and move on.

http://jibbering.com/faq/#FAQ4_19

<quote>
In the normal browser security model, it is impossible for a script from
one domain to access the properties of pages served from another domain,
or a different protocol. Any attempt to access a property in such cases
will result in a "Permission Denied" error. Signed scripts or trusted
ActiveX objects can overcome this in limited situations.
</quote>

Means that in a default security environment you can't do what you are
wanting to do. But think about the implications if you could do it.

Some hacker wannabe puts your bank website in an IFrame that is set at
100% width and height and then copies your username and password and
posts it in another form to his own server. It doesn't take long to see
why you can't do it.

And just because you didn't get the exact answer you wanted doesn't make
me silly and angry, you have to do some research of your own and this
very question is so frequently asked that it is in the FAQ for this group.

 

[Dr John Stockton]

JRS: In article <[email protected]>, dated
Thu, 9 Feb 2006 03:51:35 remote, seen in

jahearn said the following on 2/9/2006 2:58 AM:

I wouldn't purchase a product from someone who lacked the ability to
read an FAQ and then following it's requested guidelines on quoting.


Everybody wants everything to work well but not everything can be made
to work well, and especially not this hair-brained scheme of yours.

.... hare-brained. It refers to the activities of leporines,
particularly in March. There's a book by a chap called Webster, though
Dr Murray's is better.

 

[Randy Webb]

Dr John Stockton said the following on 2/10/2006 4:23 PM:

JRS: In article <[email protected]>, dated
Thu, 9 Feb 2006 03:51:35 remote, seen in

.... hare-brained.

Had I meant hare-brained instead of hair-brained then I would have,
undoubtedly, written hare-brained. Understand my intentions before you
insert your foot by trying to correct me. You are starting to get a TPEL
type attitude.

It refers to the activities of leporines, particularly in March.

Yours may, mine didn't.

There's a book by a chap called Webster, though
Dr Murray's is better.

But both of them suck so neither is of much use to me.

 

[Dr John Stockton]

JRS: In article <[email protected]>, dated Tue, 14 Feb
2006 16:57:22 remote, seen in Randy Webb

Dr John Stockton said the following on 2/10/2006 4:23 PM:

Had I meant hare-brained instead of hair-brained then I would have,
undoubtedly, written hare-brained. Understand my intentions before you
insert your foot by trying to correct me. You are starting to get a TPEL
type attitude.


Yours may, mine didn't.


But both of them suck so neither is of much use to me.

Well, you clearly don't use correct British English; and you don't use
ordinary American English either; and you don't accept their most
authoritative references. Can you tell us what dictionary you do use,
and whether it's publicly available and if so its publisher?

 

[Randy Webb]

Dr John Stockton said the following on 2/15/2006 8:48 AM:

JRS: In article <[email protected]>, dated Tue, 14 Feb
2006 16:57:22 remote, seen in Randy Webb


Well, you clearly don't use correct British English;

Considering that I am not British, have never claimed to be British and
have even stated so before now, you are mastering the obvious John. I
thought better of you than that.

and you don't use ordinary American English either;

Coming from someone who has such a hatred toward anything American, I
find it ironic that you would claim to have such a vast knowledge of the
American language, it's intricacies and it's dialects. You don't.

and you don't accept their most authoritative references.

You should read Henry David Thoreau's "Civil Disobedience".

Can you tell us what dictionary you do use,

The two on my desk.

and whether it's publicly available

Of course they are. How else did I buy them?

and if so its publisher?

What this has to do with anything, other than an attempt to be pedantic,
only your mind understands.