[WEB4LIB] Accessing documents in multiple frames

Eric Hellman eric at openly.com
Thu Aug 22 15:18:25 EDT 2002


since a javascript can talk to its source, if you let javascript read 
remote documents, then you would be letting the source of the 
javascript  read any document you had access to, which would be a 
security issue to say the least.

it helps sometimes to try thinking like a hacker.


At 11:26 AM -0700 8/22/02, Fernando Gómez wrote:
>Hello,
>
>I'm developing an application (a web based cataloguing interface), in which
>the workspace is organized using multiple frames. My development platform is
>IE 5.5 on Win ME.
>
>The problematic situation today is this:
>
>top frame (name="topFrame"):
>     several control buttons (HTML file hosted on my server, localhost)
>
>bottom frame (name="bottomFrame"):
>     a page with the results of a search in a remote catalog
>
>The goal is to parse the data in the bottom frame, using JavaScript. But
>first I must have access to the corresponding document object, right? When I
>click a button on the top frame, this simple statement is executed:
>
>     alert(top.bottomFrame.document);
>
>And the error message I receive is:
>
>     Access is denied
>
>I've observed that when the bottom frame contains a web page from my server
>(localhost in this case), there's no error message. So it seems as if the
>problem lies in accessing a remote document. But is it so? Once the
>documents are in the browser, isn't one supposed to have access to the whole
>document trees?
>
>Thanks for your help in advance.
>
>Fernando GÛmez
-- 
Eric Hellman

Openly Informatics, Inc.
http://www.openly.com/1cate/      1 Click Access To Everything



More information about the Web4lib mailing list