G
Guest
I asked a couple of days ago about the following arrangement
(simplified). I made some progress using
netscape.security.PrivilegeManager.enablePrivilege but still have to ask
some further help.
1) a frameset contains
- a number of javascript functions in the head (they do something
like top.frames["UP"].document.myform.elements.value = v
- two frames UP and DOWN
2) the frame UP contains a form, whose action invokes a java servlet
(on the same machine, but by definition port 8080)
3) the servlet writes into frame DOWN (initially blank) a number
of javascript statements, which invoke functions of the form
parent.functioname(argument) ... i.e. those defined in the head
of the frameset
4) the effect of this should be to update some text input areas
or check buttons in the form in frame UP
For demo purposes I could replace step 3 loading in frame DOWN a fixed
set of javascript statements. I could put the source of frame DOWN on
the same server as frame UP, or on a different server.
In the case of the java servlet, as well if the source of DOWN is on a
different server, the javascripts cannot update the form, because of a
breach of the "Mozilla security model" as pointed out by Martin Honnen
(http://www.mozilla.org/projects/security/components/same-origin.html).
The javascripts cannot update the form under Mozilla and Netscape 6/7
(and also 4). They work under Netscape 3 or Konqueror.
I found that I can allow the javascripts residing on a "different
machine" to update the form with the following procedure (which I
derived from the help on signed scripts at
http://developer.netscape.com/viewsource/goodman_sscripts.html), without
bothering with real signed scripts (too much of a hassle for just a few
users !)
1) the user (I will have only 2-3 users) put in their netscape
prefs.js a line like
user_pref("signed.applets.codebase_principal_support", true);
2) I put in my javascript code (WHERE ?) the statements
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead")
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite")
3) the user sees a popup which asks him to grant or deny privileges
for the unsigned script
Now my question is : what is the appropriate place for the
enablePrivilege statements ? And which of them go where ?
I tried a maximal solution, i.e. enabling both Read and Write in THREE
places :
- the head of the frameset
- the head of the source of frame UP
- the javascript code in frame DOWN
this way it works, but the user is asked 6 times to grant privileges.
I tried putting them only in the head, and it does not work. I get a
"permission denied get property Window.ffff" where ffff is one of the
javascript functions in the head of the frameset
Which privilege should I enable and where to get asked the minimum
possible times ?
(simplified). I made some progress using
netscape.security.PrivilegeManager.enablePrivilege but still have to ask
some further help.
1) a frameset contains
- a number of javascript functions in the head (they do something
like top.frames["UP"].document.myform.elements.value = v
- two frames UP and DOWN
2) the frame UP contains a form, whose action invokes a java servlet
(on the same machine, but by definition port 8080)
3) the servlet writes into frame DOWN (initially blank) a number
of javascript statements, which invoke functions of the form
parent.functioname(argument) ... i.e. those defined in the head
of the frameset
4) the effect of this should be to update some text input areas
or check buttons in the form in frame UP
For demo purposes I could replace step 3 loading in frame DOWN a fixed
set of javascript statements. I could put the source of frame DOWN on
the same server as frame UP, or on a different server.
In the case of the java servlet, as well if the source of DOWN is on a
different server, the javascripts cannot update the form, because of a
breach of the "Mozilla security model" as pointed out by Martin Honnen
(http://www.mozilla.org/projects/security/components/same-origin.html).
The javascripts cannot update the form under Mozilla and Netscape 6/7
(and also 4). They work under Netscape 3 or Konqueror.
I found that I can allow the javascripts residing on a "different
machine" to update the form with the following procedure (which I
derived from the help on signed scripts at
http://developer.netscape.com/viewsource/goodman_sscripts.html), without
bothering with real signed scripts (too much of a hassle for just a few
users !)
1) the user (I will have only 2-3 users) put in their netscape
prefs.js a line like
user_pref("signed.applets.codebase_principal_support", true);
2) I put in my javascript code (WHERE ?) the statements
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead")
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite")
3) the user sees a popup which asks him to grant or deny privileges
for the unsigned script
Now my question is : what is the appropriate place for the
enablePrivilege statements ? And which of them go where ?
I tried a maximal solution, i.e. enabling both Read and Write in THREE
places :
- the head of the frameset
- the head of the source of frame UP
- the javascript code in frame DOWN
this way it works, but the user is asked 6 times to grant privileges.
I tried putting them only in the head, and it does not work. I get a
"permission denied get property Window.ffff" where ffff is one of the
javascript functions in the head of the frameset
Which privilege should I enable and where to get asked the minimum
possible times ?