Is it possible to run an HTML file from "localhost" and bypass the
various security checks in place for cross-frame scripting? For
example, on a 2-frame page loaded locally:
a) frame 1 includes a form that accepts the name of a web site
(example: www.foo.com), which a script or perhaps a "target" attribute
then loads into frame 2
b) frame 1 waits for frame 2 to load, then reads (for example)
top.frame2.document.images.length and displays the total in frame 1
I realize that "localhost" is not going to match the domain appearing
in frame 2, but as I myself am running the script, logically, where is
the harm?
I haven't done much testing with this yet, but am planning an
application around this concept and am hoping I can make it work. Any
pointers?
I'm trying to dynamically set the height of my Iframe. my https: main page is calling another https in an Iframe. But i get an access denied error from my javascript trying to call the parent document.
Main https page <IFRAME APPLICATION="yes" style="width:100%;" id="iframename" frameborder="no" scrolling="no" SRC="https://www.otherdomain.com">
otherdomain.com html ------------------------------------------------ <script> function bodyheight() { x = document.body.scrollHeight parent.document.all.iframename.style.height = x } </script>
I need to html encode all text field values on the client just before sending them to the server. A javascript equilalent of Server.HTMLEncode in IIS. I also need to be able to perform the reverse.
All I am trying to do is ensure that if a user enters html tags in the a form, that the tags does not get parsed by the browser.
I'm working on a project at the office that pulls together a bunch of our websites into a portal thing and adds a better search engine. We're also trying to accomadate newer browsers (Netscape 7.2, Firefox, Safari) and are having some problems. The websites run on different servers, all of which we control, so we are setting the document.domain = "ourdomain.com"; in some javascript on ever page. However, we're having problems. We use popup windows for some things, and sometimes these popups want to 'populate' the parent frame window with a new page as a result of a user selection on the popup.
This works most of the time, but not always. For instance, in Netscape 7.2 it just seems to fail with an "access denied..." error in javascript. In Firefox and Safari it opens a new window and populates that instead of populating the original parent window. Can anyone point me at some definitive information about the document.domain property and how to use it effectively?
I'm trying to set up a system similar to Google AdSense that allows other websites to display some HTML content from my site on theirs. I've looked at the show_ads.js file Google uses to display Ads but to be honest I've not found it easy to decipher. I've also read that using a <script> tag to load a JavaScript file from my site is simpler than trying to do do this with an AJAX request. it discusses returning JSON rather than HTML.
BTW I know I could use an iframe to achieve something similar but this won't give me the result I need because the content coming from my site will contain a link back to my site and I want the link to be registered as an inbound link to my site for SEO reasons.
We have a javascript that is vulnerable to XSS because the input to the script is not being checked for strings such as "javascript", "eval", "script" etc. I have seen some snippets of code here and there on how to check the strings but I have not yet found a comprehensive js library that will clean user input of all offending characters. What complicates it is that phishers can encode characters to bypass the usual amateurish attempts to clean strings of offending characters.
I'm having a hell of a job getting this to work in Safari: the only thing I can think of is that one can't use reload() across to another frame for security reasons. Does anyone have a concrete answer or solution for this? I'm trying to do this:
I have set of frames... one contains a menu and the other a status frame. I am calling a function from the menu which sets the variables however I need some help passing those variables to the status frame. How would I go about doing such a thing?
This is called from the menu in frame 1 but doesn't work:
Code: function jumpsec(cat, prod) { parent.statusbar.category=cat; parent.statusbar.product=prod; }
// then my status frame bar has: document.write(parent.statusbar.category); document.write(parent.statusbar.product);
The 2 variables are blank on statusbar onload but get populated with each click.
I am using this code to refresh the browser after a iframe has finished loading. Does anyone know a cross-browser one that will work on all browsers. I have tested it on firefox and internet explorer, it seems to only work on firefox.
i need a DHTML drop down menu sample with framesets used or the cross-frame..i dont have any dropdown menu creator because they are just a trial verion..
I have been searching for days for a solution to this problem and I'm hoping someone here can help.
I have some .html files on my local machine that don't seem to want to recognize .js files
I have XP Pro and IIS 5.1
It works fine in FireFox but not IE7, If I put the javascript in the head of the .html doc it works fine in IE7 but not if I try to access it from an external .js file
If I run it on the internet it works fine so the problem is my local setup
I have even tried setting the mime type in IIS but that didn't work either
I have tried to use the full URL and that didn't work code...
Is there any way to resize an iframe dynamically to the height of its content that works cross browser and works when the iframe content is on another domain than the main page (I have access to both pages, so code can be put in either) Also, it must resize when links in the iframe are clicked (ie when a new page within the iframe is loaded)
For Ubuntu 10.04, Apache 2, PHP5 and MySQL 5, Firefox 3.6. (I already had Apache, Mysql and Firefox installed, so only added PHP5 via the synaptic manager a couple of days ago).
I have only just started with Ajax and PHP and obtained some demo files from w3schools.com (by googling on 'Ajax PHP database') that I named w3.html and getuser.php. These show how to find person details in a MySQL data base and send them back to be displayed by a browser. They work when Firefox accesses the demo at w3schools.com.
I put these files into directory /var/www on my PC (the upload file directory) and tried via Firefox, but got this error showing in the Firefox Error console:
I also obtained a similar demo from [url]. It failed in the same way, but worked when accessing www.tizag.com directly.
I googled on permutations of 'Ajax', 'XMLHTTPRequest' and 'no element found' and noticed that many have had this problem. A few said that this problem occurs when the Ajax-side expects XML but gets HTML from the server, but did not give any solutions.
PHP works when I put 'localhost/getuser.php?q=2' into the Firefox addressbar. It generates the result table which looks well-formed to me.
I then modified the eventhandler onreadystatechange to
Code:
And found:
i) The status code returned is always 0 (not 200 or any other 3-digit http return code).
ii) The text returned is the content of the getuser.php file, not the content generated by executing the PHP code.
iii) The 'no element found' error is still shown
My intention was to learn and experiment with Ajax and PHP on my local PC, but it did not work. Can it be done, or do I have to get a website and use FTP to upload?
w3.html
Code:
w3.html:
Code:
Use mysql command source w3demo.sql from the MySQL command line.
Any of you smartypants know why my javascript onload function (inside the body tag) is not working (alert pop up box). Using localhost as server and no my pop ups are not blocked
I'm pulling data from a database using a RESTlet server, and using Flot to produce a graph.
My problem is that whenever I make the following AJAX call, I get an "Access to restricted URI denied" error on Firefox. On Internet Explorer I have other problems, but I can tell by my server logs that at least the AJAX call happens, which is more than I can say for Firefox. code...
The url is correct, and the server is hosted on this machine, but Firefox thinks it's trying access another domain. The html file containing this code is located on my hard drive.
I have a domain: example.com; which is the parent.And a subdomain: api.example.com; which page 'receiver.html' is being loaded in an iframe, child of parent. Both pages set document.domain = example.com.
I'm trying to adapt this code:[url] but Idon't want to load jQuery from the <iframe> again but I need to have the method $.ajax() working from the <iframe> otherwise it would be a cross-domain request and the browser would abort it. I tried ingenuously to set via $('iframe')[0].contentWindow.$.ajax = $.ajax() and I just got a shortcut to the parent page jQuery method. I also tried to "clone" it using $.expand (true...) but the method doesn't work for me; probably because of the complexity of the objected I'm trying to clone. So is there a way for me to use jQuery to have only a $.ajax() method in the <iframe> ? I've thought even about creating a XHR in the child-iframe and then use that in the $.ajaxSetup ({xhr: THATNEWXHR}) but I couldn't do it. I mean, I want to use the XHR factory from jQuery (which has fallbacks for IE, etc) but it has to be created from the iframe-child.
Maybe there is other way to make the AJAX call come from the child-iframe.
If you're wondering "why don't you load jQuery from <script> in the child-iframe", there is a reason... As I'm using jQuery plugins + my own custom javascripts + other independent scripts I created a compiler which minifies each file and bundle them in one. The advantage of this is the reduction of HTTP requests. So "why don't you load that bundle inside the child-iframe?", because it's ugly and Twitter doesn't... Yeah, I like to take Twitter as a reference and I think if they were able to make it so can I;
I got to work in most browsers except IE and Operaby doing it with pure javascript.
I'm "attaching" the code for you guys to test. If you open it with Chrome, Safari or Firefox you will receive 2 alerts one with the return of $.get() and another with the return of a request made via XMLHttpsRequest object. Otherwise (if you open it with IE or Opera) you'll get 'undefined' in the first alert but the real return in the second.
I have a problem, when I load jquery.js from local, my test server is Apache 2.2.14 and PHP 5.3.1. The code is : <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL]"> <html xmlns="[URL]"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>jQuery Starterkit</title> <script language="javascript" src="lib/jquery-1.4.2.min.js"></script> <script language="javascript"> $(function() { $("input").click(function(){ alert('Hello World!'); }); }); </script> </head> <body> <lable>pwd : </lable><input type="text" name="text" value="name"/> </body> </html>
The browser alert (Missing Objects) in localhost. But if I change src to '[URL]', or double click html and run in the browser, it takes effective. So I think there are some problems in my Apache conf file.
Im trying to make a back button that reloads the previous page the user was at. The back button will be on a small top frame and the page that needs to be controlled will be in the main frame.
The top frame is just a navigation system, and all pages will be loaded in the main frame. Im trying to use this Code:
I've got jQuery and 2 plugin libraries running on my website. One runs the navigation and the other runs a dropdown search box. Everything works great on my localhost, but when I copied the directory to the external server none of the jQuery worked. I'm not getting any Errors in my error log, and the directory has been copied exactly. [URL]
I want to have a main image in place and when you click on 1 of the 3 frame options the frame changes showing a preview. Also I would like the add to cart button change its code to add the correct item as well.
i need to pass the data in the textfields from the left frame to the textfields in the right frame of my frameset. (ex: dslnum of frame1 will be pass to txtDSLTN of frame2)[URL]
I have two frames (frameset, let's call it frame1 and frame2). Frame1 has links..., and frame2. When some link in frame1 is clicked, it must be changed content of the frame2. Here's example: click. How to do that? (I don't see any javascript code)
I have a parent document that has a frameset with two frames in it. The first frame is a "header" that runs across the top of the site, and never changes. The second frame contains the "content" of the site. Essentially, I am trying to figure out how to prevent the header appearing above external sites when the user clicks an external link in the "content" frame.
Every time the content frame changes to a new URL, I would like the check that URL and determine if the content frame is changing to an external URL (i.e. different domain in URL) or to an internal link (same domain in URL). If the content is changing to an external link, I want to break out of the frame and just load that external link in the top most document.
I would like all of my javascript to be in the parent document, not spread throughout the individual pages of the site. I was trying to approach this by setting the onunload event handler of the content frame, but I am left with a couple of specific questions: 1. In handling an unload event, can you determine the next URL that the document is loading? Code:
I have a little problem, I structure my site with a main page index.html with a frame in the central whit name CENTRALE, so every other page I will open within this frame. Now I need to have a direct link to these internal pages, give an example I wish it were possible to go to the page clothing giving a direct link to that section of the site type www.indirizzo.com / clothing.html because the state of things if I take the 'direct address to that page I open only the part inside of the frame, but I wish I would open inside the "main frame, there is a solution in javascrip to overcome this problem?
