Cross-frame Scripting And Localhost
Apr 24, 2006
Is it possible to run an HTML file from "localhost" and bypass the
various security checks in place for cross-frame scripting? For
example, on a 2-frame page loaded locally:
a) frame 1 includes a form that accepts the name of a web site
(example: www.foo.com), which a script or perhaps a "target" attribute
then loads into frame 2
b) frame 1 waits for frame 2 to load, then reads (for example)
top.frame2.document.images.length and displays the total in frame 1
I realize that "localhost" is not going to match the domain appearing
in frame 2, but as I myself am running the script, logically, where is
the harm?
I haven't done much testing with this yet, but am planning an
application around this concept and am hoping I can make it work. Any
pointers?
View 4 Replies
ADVERTISEMENT
Jul 23, 2005
I'm trying to dynamically set the height of my Iframe. my https: main page
is calling another https in an Iframe. But i get an access denied error
from my javascript trying to call the parent document.
Main https page
<IFRAME APPLICATION="yes" style="width:100%;" id="iframename"
frameborder="no" scrolling="no" SRC="https://www.otherdomain.com">
otherdomain.com html
------------------------------------------------
<script>
function bodyheight() {
x = document.body.scrollHeight
parent.document.all.iframename.style.height = x
}
</script>
View 1 Replies
View Related
Jul 20, 2005
I need to html encode all text field values on the client just before
sending them to the server. A javascript equilalent of Server.HTMLEncode in
IIS. I also need to be able to perform the reverse.
All I am trying to do is ensure that if a user enters html tags in the a
form, that the tags does not get parsed by the browser.
View 4 Replies
View Related
Jul 23, 2005
I'm working on a project at the office that pulls together a bunch of
our websites into a portal thing and adds a better search engine. We're
also trying to accomadate newer browsers (Netscape 7.2, Firefox,
Safari) and are having some problems. The websites run on different
servers, all of which we control, so we are setting the document.domain
= "ourdomain.com"; in some javascript on ever page. However, we're
having problems. We use popup windows for some things, and sometimes
these popups want to 'populate' the parent frame window with a new page
as a result of a user selection on the popup.
This works most of the
time, but not always. For instance, in Netscape 7.2 it just seems to
fail with an "access denied..." error in javascript. In Firefox and
Safari it opens a new window and populates that instead of populating
the original parent window. Can anyone point me at some definitive
information about the document.domain property and how to use it
effectively?
View 1 Replies
View Related
Aug 30, 2009
I'm trying to set up a system similar to Google AdSense that allows other websites to display some HTML content from my site on theirs. I've looked at the show_ads.js file Google uses to display Ads but to be honest I've not found it easy to decipher. I've also read that using a <script> tag to load a JavaScript file from my site is simpler than trying to do do this with an AJAX request. it discusses returning JSON rather than HTML.
BTW I know I could use an iframe to achieve something similar but this won't give me the result I need because the content coming from my site will contain a link back to my site and I want the link to be registered as an inbound link to my site for SEO reasons.
View 1 Replies
View Related
Jun 19, 2007
We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.
Any js libraries or resources out there anywhere?
View 1 Replies
View Related
Mar 14, 2006
I'm having a hell of a job getting this to work in Safari: the only thing I can think of is that one can't use reload() across to another frame for security reasons. Does anyone have a concrete answer or solution for this? I'm trying to do this:
top.frames["mainContent"].location.reload();
View 9 Replies
View Related
Oct 28, 2003
I have set of frames... one contains a menu and the other a status frame. I am calling a function from the menu which sets the variables however I need some help passing those variables to the status frame. How would I go about doing such a thing?
This is called from the menu in frame 1 but doesn't work:
Code:
function jumpsec(cat, prod) {
parent.statusbar.category=cat;
parent.statusbar.product=prod;
}
// then my status frame bar has:
document.write(parent.statusbar.category);
document.write(parent.statusbar.product);
The 2 variables are blank on statusbar onload but get populated with each click.
View 4 Replies
View Related
Aug 12, 2010
I am using this code to refresh the browser after a iframe has finished loading. Does anyone know a cross-browser one that will work on all browsers. I have tested it on firefox and internet explorer, it seems to only work on firefox.
PHP Code:
<script type="text/javascript">
window.onload = function() {
document.getElementById("updates").onload = function() {
[code]...
View 4 Replies
View Related
Feb 10, 2006
i need a DHTML drop down menu sample with framesets used or the cross-frame..i dont have any dropdown menu creator because they are just a trial verion..
View 1 Replies
View Related
Mar 29, 2009
I have been searching for days for a solution to this problem and I'm hoping someone here can help.
I have some .html files on my local machine that don't seem to want to recognize .js files
I have XP Pro and IIS 5.1
It works fine in FireFox but not IE7, If I put the javascript in the head of the .html doc it works fine in IE7 but not if I try to access it from an external .js file
If I run it on the internet it works fine so the problem is my local setup
I have even tried setting the mime type in IIS but that didn't work either
I have tried to use the full URL and that didn't work code...
View 6 Replies
View Related
Jun 18, 2009
Is there any way to resize an iframe dynamically to the height of its content that works cross browser and works when the iframe content is on another domain than the main page (I have access to both pages, so code can be put in either) Also, it must resize when links in the iframe are clicked (ie when a new page within the iframe is loaded)
View 1 Replies
View Related
May 1, 2011
I was wondering if using ajax-jquery was possible with 'localhost' as url ?
View 1 Replies
View Related
Sep 7, 2010
For Ubuntu 10.04, Apache 2, PHP5 and MySQL 5, Firefox 3.6. (I already had Apache, Mysql and Firefox installed, so only added PHP5 via the synaptic manager a couple of days ago).
I have only just started with Ajax and PHP and obtained some demo files from w3schools.com (by googling on 'Ajax PHP database') that I named w3.html and getuser.php. These show how to find person details in a MySQL data base and send them back to be displayed by a browser. They work when Firefox accesses the demo at w3schools.com.
I put these files into directory /var/www on my PC (the upload file directory) and tried via Firefox, but got this error showing in the Firefox Error console:
I also obtained a similar demo from [url]. It failed in the same way, but worked when accessing www.tizag.com directly.
I googled on permutations of 'Ajax', 'XMLHTTPRequest' and 'no element found' and noticed that many have had this problem. A few said that this problem occurs when the Ajax-side expects XML but gets HTML from the server, but did not give any solutions.
PHP works when I put 'localhost/getuser.php?q=2' into the Firefox addressbar. It generates the result table which looks well-formed to me.
I then modified the eventhandler onreadystatechange to
Code:
And found:
i) The status code returned is always 0 (not 200 or any other 3-digit http return code).
ii) The text returned is the content of the getuser.php file, not the content generated by executing the PHP code.
iii) The 'no element found' error is still shown
My intention was to learn and experiment with Ajax and PHP on my local PC, but it did not work. Can it be done, or do I have to get a website and use FTP to upload?
w3.html
Code:
w3.html:
Code:
Use mysql command source w3demo.sql from the MySQL command line.
View 5 Replies
View Related
Sep 19, 2009
In which ways can I use javascript to detect if the page was coming from localhost.
I know I can search for localhost in string from location.href, but that would miss instances where pages comes from let say:
local.testsite.com or similar
where local.testsite.com are added to the hosts file (windows)
Is there a way to detect this that will allways work?
View 4 Replies
View Related
Jul 15, 2010
Any of you smartypants know why my javascript onload function (inside the body tag) is not working (alert pop up box). Using localhost as server and no my pop ups are not blocked
View 2 Replies
View Related
Jun 30, 2010
I'm pulling data from a database using a RESTlet server, and using Flot to produce a graph.
My problem is that whenever I make the following AJAX call, I get an "Access to restricted URI denied" error on Firefox. On Internet Explorer I have other problems, but I can tell by my server logs that at least the AJAX call happens, which is more than I can say for Firefox. code...
The url is correct, and the server is hosted on this machine, but Firefox thinks it's trying access another domain. The html file containing this code is located on my hard drive.
How can I get Firefox to allow this AJAX call?
View 6 Replies
View Related
Aug 26, 2011
I have a domain: example.com; which is the parent.And a subdomain: api.example.com; which page 'receiver.html' is being loaded in an iframe, child of parent. Both pages set document.domain = example.com.
I'm trying to adapt this code:[url] but Idon't want to load jQuery from the <iframe> again but I need to have the method $.ajax() working from the <iframe> otherwise it would be a cross-domain request and the browser would abort it. I tried ingenuously to set via $('iframe')[0].contentWindow.$.ajax = $.ajax() and I just got a shortcut to the parent page jQuery method. I also tried to "clone" it using $.expand (true...) but the method doesn't work for me; probably because of the complexity of the objected I'm trying to clone. So is there a way for me to use jQuery to have only a $.ajax() method in the <iframe> ? I've thought even about creating a XHR in the child-iframe and then use that in the $.ajaxSetup ({xhr: THATNEWXHR}) but I couldn't do it. I mean, I want to use the XHR factory from jQuery (which has fallbacks for IE, etc) but it has to be created from the iframe-child.
Maybe there is other way to make the AJAX call come from the child-iframe.
If you're wondering "why don't you load jQuery from <script> in the child-iframe", there is a reason... As I'm using jQuery plugins + my own custom javascripts + other independent scripts I created a compiler which minifies each file and bundle them in one. The advantage of this is the reduction of HTTP requests. So "why don't you load that bundle inside the child-iframe?", because it's ugly and Twitter doesn't... Yeah, I like to take Twitter as a reference and I think if they were able to make it so can I;
I got to work in most browsers except IE and Operaby doing it with pure javascript.
I'm "attaching" the code for you guys to test. If you open it with Chrome, Safari or Firefox you will receive 2 alerts one with the return of $.get() and another with the return of a request made via XMLHttpsRequest object. Otherwise (if you open it with IE or Opera) you'll get 'undefined' in the first alert but the real return in the second.
This is the example.com/index.htm:
View 4 Replies
View Related
Jun 1, 2010
I have a problem, when I load jquery.js from local, my test server is Apache 2.2.14 and PHP 5.3.1. The code is :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL]">
<html xmlns="[URL]">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>jQuery Starterkit</title>
<script language="javascript" src="lib/jquery-1.4.2.min.js"></script>
<script language="javascript">
$(function() {
$("input").click(function(){
alert('Hello World!');
});
});
</script>
</head>
<body>
<lable>pwd : </lable><input type="text" name="text" value="name"/>
</body>
</html>
The browser alert (Missing Objects) in localhost. But if I change src to '[URL]', or double click html and run in the browser, it takes effective. So I think there are some problems in my Apache conf file.
View 4 Replies
View Related
Oct 15, 2001
Im trying to make a back button that reloads the previous page the user was at.
The back button will be on a small top frame and the page that needs to be controlled will be in the main frame.
The top frame is just a navigation system, and all pages will be loaded in the main frame.
Im trying to use this Code:
<FORM>
<INPUT TYPE="button"
NAME="back"
VALUE="BACK"
onClick="history.go(-1)">
</FORM>
Does anyone know how I could accoplish the desired result using this code, or any other code? And what about a foreward button?
View 2 Replies
View Related
Jun 23, 2009
I've got jQuery and 2 plugin libraries running on my website. One runs the navigation and the other runs a dropdown search box. Everything works great on my localhost, but when I copied the directory to the external server none of the jQuery worked. I'm not getting any Errors in my error log, and the directory has been copied exactly. [URL]
View 3 Replies
View Related
Jul 20, 2010
I want to have a main image in place and when you click on 1 of the 3 frame options the frame changes showing a preview. Also I would like the add to cart button change its code to add the correct item as well.
View 2 Replies
View Related
Aug 30, 2010
i need to pass the data in the textfields from the left frame to the textfields in the right frame of my frameset. (ex: dslnum of frame1 will be pass to txtDSLTN of frame2)[URL]
View 19 Replies
View Related
May 22, 2011
I have two frames (frameset, let's call it frame1 and frame2). Frame1 has links..., and frame2. When some link in frame1 is clicked, it must be changed content of the frame2. Here's example: click. How to do that? (I don't see any javascript code)
View 2 Replies
View Related
Jul 19, 2006
I have a parent document that has a frameset with two frames in it. The first frame is a "header" that runs across the top of the site, and never changes. The second frame contains the "content" of the site. Essentially, I am trying to figure out how to prevent the header appearing above external sites when the user clicks an external link in the "content" frame.
Every time the content frame changes to a new URL, I would like the check that URL and determine if the content frame is changing to an external URL (i.e. different domain in URL) or to an internal link (same domain in URL). If the content is changing to an external link, I want to break out of the frame and just load that external link in the top most document.
I would like all of my javascript to be in the parent document, not spread throughout the individual pages of the site. I was trying to approach this by setting the onunload event handler of the content frame, but I am left with a couple of specific questions:
1. In handling an unload event, can you determine the next URL that the document is loading? Code:
View 6 Replies
View Related
Jan 10, 2011
I have a little problem, I structure my site with a main page index.html with a frame in the central whit name CENTRALE, so every other page I will open within this frame. Now I need to have a direct link to these internal pages, give an example I wish it were possible to go to the page clothing giving a direct link to that section of the site type www.indirizzo.com / clothing.html because the state of things if I take the 'direct address to that page I open only the part inside of the frame, but I wish I would open inside the "main frame, there is a solution in javascrip to overcome this problem?
View 4 Replies
View Related
