preventing Access/Permission Denied errors

[Nick]

OK Guys and Gals,

I've got a script that does some work with the document object in
another frame.

This works fine until the other frame contains a document on another
domain. This of course produces a permission error.

I don't actually want to do anything with the document if the page is
on a different domain BUT I do want to detect this situation before it
occurs, and then allow my script to terminate peacefully instead of
producing an error.

How can I do this?

I suppose I could use IE's try and catch, but that means I'll still
have problems on other browsers.

All suggestions gratefully received.

Cheers

N

 

[Ron]

[snip]

I suppose I could use IE's try and catch, but that means I'll still
have problems on other browsers.

try{...} catch{...} isn't IE, it's ECMAScript 3
<http://www.ecma-international.org/publications/standards/Stnindex.htm>,
which Javascript 1.5 is an implementation of. I've used try{...}
catch{...} on Mozilla and Firefox with no problems.

 

[Richard Cornford]

Nick wrote:

I don't actually want to do anything with the document if the page is
on a different domain BUT I do want to detect this situation before it
occurs, and then allow my script to terminate peacefully instead of
producing an error.

How can I do this?

I suppose I could use IE's try and catch, but that means I'll still
have problems on other browsers.

<snip>

They aren't IE's try-catch, they are specified in ECMA 262 3rd edition,
and implemented in JavaScript 1.4+, but they do represent a syntax error
in all earlier versions so are generally best avoided in cross-browser
scripting (at least for another couple of years).

You cannot determine that a document in the other frame is from a
different domain because of the security restrictions, as you have
discovered. But you don't really need to as all you actually need to
know is whether the page in the other frame is from your domain, and
thus safe to interact with. Your own pages are in a position to report
their presence to the frameset.

So, for example, you could have each of your own pages set a variable in
the frameset to true from it's onload event, and then re-set that
variable to false in its onunload event. You would then know that it was
safe to interact with the other frame whenever the variable was set to
true and unsafe whenever it was false.

Richard.

 

[Cindy Lee]

How can I add a safe domain? I get an access error when doing this
document.all("dynamicFrame"); //my iframe



function iframeResize() {
var oBody = dynamicFrame.document.body;
var oFrame = document.all("dynamicFrame");
oFrame.style.height = oBody.scrollHeight
+oBody.offsetHeight-oBody.clientHeight;

//This is the alert call that miraculously makes this function
alert(caller +" oFrame.style.height = " +oFrame.style.height);
}

//Description:Initializes the page by creating the scroll objects
//setting browser specific information
function InitializePage(){
//d_bw.ns4||d_bw.ns5?"":iframeResize();
setTimeout("iframeResize()",2000);
//iframeResize();
}


<IFRAME APPLICATION="yes" style="width:100%;" ID="dynamicFrame"
NAME="dynamicFrame" frameborder="no" scrolling="no"
SRC="https://mydomain.com/page.jsp"> Sorry, you need inline frames to fully
see this page. </IFRAME>

 

[Richard Cornford]

How can I add a safe domain?

Questions of that quality are likely to receive fatuous answers. What on
earth are you talking about?

I get an access error when doing this
document.all("dynamicFrame"); //my iframe

<snip>

Yes, that is a statement that is likely to produce an error of one sort
or another in most browsers.

Richard.

 

[Nick]

They aren't IE's try-catch, they are specified in ECMA 262 3rd edition,
and implemented in JavaScript 1.4+, but they do represent a syntax error
in all earlier versions so are generally best avoided in cross-browser
scripting (at least for another couple of years).

Hmmm... I share your concerns about cross browser scripting, even if
try...catch is available on other browsers. The kind of people my
application is written for may well have older browsers with older
versions of js.

So, for example, you could have each of your own pages set a variable in
the frameset to true from it's onload event, and then re-set that
variable to false in its onunload event. You would then know that it was
safe to interact with the other frame whenever the variable was set to
true and unsafe whenever it was false.

Richard, this is an excellent suggestion. Unfortunately I cannot add
any js to the pages on the domain I am working on! The script I was
talking about runs on a page which acts as a kind of "client
statistics utility" for a customer's web site. I can't then ask my
customers to alter all of their pages (either by adding some code or
src-ing a js file). It's just not viable.

I appreciate the suggestion though, and if you or any others can think
of a viable alternative to try...catch that would be great. Otherwise,
looks like I've got to do some js version detection, and have to
prevent users with js 1.4 downwards from using my utility. Bummer.

Cheers for your continuing help!

N