Home Articles FAQs XREF Games Software Instant Books BBS About FOLDOC RFCs Feedback Sitemap
irt.Org
#

Q1079 Security violation when accessing info from other frame

You are here: irt.org | FAQ | JavaScript | NotABug | Q1079 [ previous next ]

Symptom: Trying to get the url or title of page loaded in the other frame results in many errors.

Affects: All browsers version 3 and up.

Reason: Access to all information about documents from other domains is restricted on purpose. Imagine someone setting up a page with stock information and links to your online stockexchange. Using hidden frames or tiny windows, a script could monitor links and keystrokes and perhaps grab sensitive information A more benign intrusion could be to monitor your browsing session, compiling information about your favorite sites and sell that info to ad agencies.

Workaround: Netscape will allow signed scripts to request access.

Here is an example of a request that needs signing if it is to run from the web:

<HTML>
<HEAD>
<SCRIPT>
function showUrl() {
   netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
   alert(top.frames[1].location.href);
   netscape.security.PrivilegeManager.disablePrivilege("UniversalBrowserRead");
}
</SCRIPT>
</HEAD>
<FRAMESET COLS="10%,*" onLoad="showUrl()">
<FRAME SRC="javascript:' '">
<FRAME SRC="http://www.netscape.com">
</FRAMESET>
</HTML> 

More info about signing can be found at http://developer.netscape.com/library/documentation/signedobj/signtool/index.htm

©2018 Martin Webb