Home Articles FAQs XREF Games Software Instant Books BBS About FOLDOC RFCs Feedback Sitemap

Q1079 Security violation when accessing info from other frame

You are here: irt.org | FAQ | JavaScript | NotABug | Q1079 [ previous next ]

Symptom: Trying to get the url or title of page loaded in the other frame results in many errors.

Affects: All browsers version 3 and up.

Reason: Access to all information about documents from other domains is restricted on purpose. Imagine someone setting up a page with stock information and links to your online stockexchange. Using hidden frames or tiny windows, a script could monitor links and keystrokes and perhaps grab sensitive information A more benign intrusion could be to monitor your browsing session, compiling information about your favorite sites and sell that info to ad agencies.

Workaround: Netscape will allow signed scripts to request access.

Here is an example of a request that needs signing if it is to run from the web:

function showUrl() {
<FRAMESET COLS="10%,*" onLoad="showUrl()">
<FRAME SRC="javascript:' '">
<FRAME SRC="http://www.netscape.com">

More info about signing can be found at http://developer.netscape.com/library/documentation/signedobj/signtool/index.htm

©2018 Martin Webb