Document.domain Issues And Cross Server Scripting
Jul 23, 2005
I'm working on a project at the office that pulls together a bunch of
our websites into a portal thing and adds a better search engine. We're
also trying to accomadate newer browsers (Netscape 7.2, Firefox,
Safari) and are having some problems. The websites run on different
servers, all of which we control, so we are setting the document.domain
= "ourdomain.com"; in some javascript on ever page. However, we're
having problems. We use popup windows for some things, and sometimes
these popups want to 'populate' the parent frame window with a new page
as a result of a user selection on the popup.
This works most of the
time, but not always. For instance, in Netscape 7.2 it just seems to
fail with an "access denied..." error in javascript. In Firefox and
Safari it opens a new window and populates that instead of populating
the original parent window. Can anyone point me at some definitive
information about the document.domain property and how to use it
effectively?
View 1 Replies
ADVERTISEMENT
Aug 30, 2009
I'm trying to set up a system similar to Google AdSense that allows other websites to display some HTML content from my site on theirs. I've looked at the show_ads.js file Google uses to display Ads but to be honest I've not found it easy to decipher. I've also read that using a <script> tag to load a JavaScript file from my site is simpler than trying to do do this with an AJAX request. it discusses returning JSON rather than HTML.
BTW I know I could use an iframe to achieve something similar but this won't give me the result I need because the content coming from my site will contain a link back to my site and I want the link to be registered as an inbound link to my site for SEO reasons.
View 1 Replies
View Related
Mar 11, 2010
I'm trying to write a script that will be loaded from one server into a website on another server. This script is trying to talk (ajax) to the server that it comes from but I'm getting "Access Denied" errors. I'm well aware that cross-domain calls are not allowed for security reasons so my question is how does Google Analytics work because essentially thats what I'm trying to accomplish. I can embed a Google Analytics script into my website and it'll gather data and send it back to Google.
View 4 Replies
View Related
Oct 28, 2011
I need to send data through POST to other domain.
My script is:
But I am still getting the error XMLHttpRequest cannot load [url]. Origin [url] is not allowed by Access-Control-Allow-Origin.
XHR finished loading
I set in the destination
I don't know why it dosen't work.
View 2 Replies
View Related
Jun 18, 2009
Is there any way to resize an iframe dynamically to the height of its content that works cross browser and works when the iframe content is on another domain than the main page (I have access to both pages, so code can be put in either) Also, it must resize when links in the iframe are clicked (ie when a new page within the iframe is loaded)
View 1 Replies
View Related
Apr 24, 2006
Is it possible to run an HTML file from "localhost" and bypass the
various security checks in place for cross-frame scripting? For
example, on a 2-frame page loaded locally:
a) frame 1 includes a form that accepts the name of a web site
(example: www.foo.com), which a script or perhaps a "target" attribute
then loads into frame 2
b) frame 1 waits for frame 2 to load, then reads (for example)
top.frame2.document.images.length and displays the total in frame 1
I realize that "localhost" is not going to match the domain appearing
in frame 2, but as I myself am running the script, logically, where is
the harm?
I haven't done much testing with this yet, but am planning an
application around this concept and am hoping I can make it work. Any
pointers?
View 4 Replies
View Related
Jul 20, 2005
I need to html encode all text field values on the client just before
sending them to the server. A javascript equilalent of Server.HTMLEncode in
IIS. I also need to be able to perform the reverse.
All I am trying to do is ensure that if a user enters html tags in the a
form, that the tags does not get parsed by the browser.
View 4 Replies
View Related
Jul 23, 2005
I'm trying to dynamically set the height of my Iframe. my https: main page
is calling another https in an Iframe. But i get an access denied error
from my javascript trying to call the parent document.
Main https page
<IFRAME APPLICATION="yes" style="width:100%;" id="iframename"
frameborder="no" scrolling="no" SRC="https://www.otherdomain.com">
otherdomain.com html
------------------------------------------------
<script>
function bodyheight() {
x = document.body.scrollHeight
parent.document.all.iframename.style.height = x
}
</script>
View 1 Replies
View Related
Jun 19, 2007
We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.
Any js libraries or resources out there anywhere?
View 1 Replies
View Related
Jan 15, 2010
i need to post data from a form to a page on another domain, without leaving the current page.I am using ASP as a server language.
View 9 Replies
View Related
May 13, 2011
I am trying to write a string variable containing XML in the form of text into an iframe such that it shows up as formatted XML with the expand(+) and collapse (-) options that default in IE when opening an XML file.
The first thing I tried is writing the string to a file with .xml extension and setting the iFrame src to that file. This works well normally, however in this case, the file does not get created where I want to due to some security restrictions in IE which I cannot edit as I dont have admin rights.
Secondly I tried appending the string as innerHTML to that iframe but only the content within the XML tags without any formatting shows up which is not intended.
Thirdly I cannot use any server side scripting as this is a very controlled environment and I am not allowed to host servers or edit server scripts at will. This is totally out of question, so I guess Ajax or calling a costom defined web service wont help.
At best I can say, I am limited to HTML, Javascript and vbScript.
I am receiving the string as a responseText from an ajax request which is consuming a web service. If I use responseXML, it doesn't work.
The solution I am looking at is to either display it as formatted XML in an iFrame or to just throw it into a textarea which I am already doing and simultaneously write it to an XML file or do both. If not automatically, atleast have the user press a button and do it.
View 4 Replies
View Related
Jun 12, 2006
If running off of the local filesystem, in Firefox, or if the security
settings are set appropriately, in Internet Exporer, XmlHttpRequests
can be sent to any domain of your chosing. But what about cookies?
Can cookies be accessed for any domain of your chosing?
For example, although www.domaina.tld can't access cookies for
www.domainb.tld, can c: access cookies for www.domainb.tld?
The way cookies are accessed in javascript (document.cookies) would
suggest not, but I just wanted to make sure.
View 5 Replies
View Related
Apr 9, 2011
How to get value from other domain?
other site: <input value="test"></input>
View 6 Replies
View Related
Aug 29, 2006
Im trying to make a "Search Many Sites from One Location". Heres my problem:
I have a form on my page which allows the user to enter
a search term and select which site he would like the results from.
(the sites dont allow URL pasting) the sites are library catalogues.
heres my idea, can this be done?:
User enters search term, selects site they want results from and
enters submit.
This takes user to a framed page with frame1 being library catalogue.
now either the frameset or frame 2 does this at timed interval gets the variable that was submited from search term entered and uses something like this bookmarklet
javascript:function ROIoiW(){var
i=0,j,A='anonymous',D,E,F=document.forms;while(i<F.length){E=F[i].elements;for(j=0;j<E.length;j++){D=E[j];if(D.type=='text'){D.value=(D.name.toUpperCase(). indexOf('MAIL')!=-1)?A+'@example.com':A}}i++}}ROIoiW();void(null)
and something to fill in the search term and press submit in frame1.
View 8 Replies
View Related
Feb 18, 2010
I'm fairly new to javascript and JQuery so please bear with me. I've written a simple app using JQuery whose purpose is to select the fastest mirror site. To this end I use several $.ajax calls - one to each mirror site -and I don't do anything with the data I get from these, I only use the order in which they respond to sort the sites from fastest to slowest. I'd share the code, but really the only thing it does is call the $.ajax function and append a line in a table using the success: callback. This works perfectly fine for most browsers, except IE which throws the 'access is denied' error. I know about cross domain restrictions and understand the reasoning behind - my plan was to put my script in the 'trusted' zone and enable the required options to bypass the problem as this will be used in a controlled environment, but no matter what I try my code won't run in IE. Some of my mirror sites are indeed in a different domain. What I have trouble understanding is why all other browsers (FF, Chrome etc), with their default configuration, allow my code to run flawlessly? If the reasoning behind IE blocking this is correct, then why do others allow it?
Also obviously for my purpose using a server-side proxy makes no sense as I want to test the sites from the client side, not from the server. I've also read about other work arounds such as JSONP but unfortunately the sites that I'm testing cannot support this. But once again, what I'm really wondering about is why my code works flawlessly in other browsers..
View 15 Replies
View Related
Sep 3, 2009
i wants to know that how to handle cross domain error which are giving by jquery in Mozilla.
View 1 Replies
View Related
Oct 22, 2009
I'm new to this group, and after doing a lot (and I mean a LOT) ofsearching, I can't find an answer for my problem:I'm basically trying to do a simple $.getJSON, and the setup issimple:Firefox 3.5 MacOSX, latest jQuery (1.3.2)the json file named "myjson.json" (I've reduced its contents to itsminimum for testing purposes and it validates in JSONLint):
{"result": "true"}
The javascript:
$.getJSON('http://site1:8888/myjson.json', {}, function(data) { alert
[code]....
View 12 Replies
View Related
Oct 10, 2009
I'm building a web app that provides music information (i.e. info on artists, albums, songs, etc.) and for the info source I'm using the MusicBrainz API.
Now, I'm trying to load the data from an API call and process it, with jQuery.
This is the code I'm using:
With 'queryString' being the URL string for the request, and then I'd proceed to read the data out of the 'xml' object. Fairly simple.
However, this is where problems arise. The code works flawlessly when running locally on my computer, but does not work at all when I upload everything to my web server and try to run it there. I did some reading and have discovered that AJAX calls can't be made across different domains, due to security issues.
So I've read through numerous solutions, but almost all require either something with PHP (which I have absolutely NO knowledge of) or grabbing the data in JSON format (which apparently isn't subject to the same security restrictions). However, my main problem is that the MusicBrainz API does not return data in JSON format (in fact the only format it returns is XML).
View 4 Replies
View Related
Dec 8, 2010
JavaScript code is not traversing via Iframe with Cross Domain. Actually i was assigned with a project, to grab the top page URL, which has many Iframes, which are coming from different domains. The final sub domain has the JavaScript code, which has to grab the top page URL.
View 2 Replies
View Related
Jan 10, 2011
I'm writing this post as there are alot of questions about Cross Domain AJAX request so i'm going to give an overview of the different ways and the best practices Ok so there are 2 systems for this the key difference is how much control you have.
If you control the Requested site you can use Javascript Safe calling to that server, this is all done via a few Headers so to do this all you have to do is send some headers from the page your requesting.
The first is tell the browser that the site the AJAX call is coming from is allowed this is done with
"Access-Control-Allow-Origin: " Now this can be set to a wild card and allow all sites to access the page
"Access-Control-Allow-Origin: *"
Or you can say only a set server can
"Access-Control-Allow-Origin: mydomain.com"
This header allows GET requests but what if you need to post data to the site well you need to tell the browser that POST data is allowed to be sent Access-Control-Allow-Headers: GET,POST
Now we run into the problem that sending post data the browser will send the header Content-Type but your server has not told the browser its allowed to send that header so Access-Control-Allow-Methods: Content-Type Will allow the header to be sent if you wish to send any other custom headers you have to make your server tell the browser its allowed to send them this is done by adding them as a comma delimited list via the "Access-Control-Allow-Headers" header
Now if you dont have control well then your back to using a script that is local to the AJAX script then sending the data via cURL or another connection method to the remote server
[Code]...
View 15 Replies
View Related
Jan 25, 2011
Is there a way of using the Ajax httpRequest cross domain?
View 6 Replies
View Related
Jan 27, 2011
my working project (needs a proxy): [URL]...currently working through this tutorial, I have setup a proxy and saved it as proxy.php[URL].. I just need to put this piece of code in my JavaScript but not sure where?!
[Code]...
View 1 Replies
View Related
Feb 10, 2005
I am trying to send values from a popup window to the parent window. The opener.parent event does not work in my case, as, my popup window is in a different domain. Code:
View 4 Replies
View Related
Jan 31, 2010
I'm using some javascript that senses the presence of an id on a page, creates an iframe containing cross domain content if it finds it and also resizes the iframe. It works great in FF, but IE stumbles if there's more than one iframe requested (especially IE6). If someone knows a better way to get IE to co-operate with this set up An acceptable alternative would be to only create one iframe at a time (which IE can handle), by using a link to trigger the iframe creation. I just can't figure out how to get that to work.The cross domain resizer uses the frame manager trick, the rest is homespun.
Code:
<!--JS THAT RESIZES IFRAMES-->
<script type="text/javascript" src="documents/FrameManager.js"></script>
</script>
<!--POSTS-->
<script>
[Code]...
View 5 Replies
View Related
May 8, 2011
i am trying to resize an iframe which is not in same domain.I tried couple of ways as below: iam loading an html which is in other domain.I kept this syntax in script
function toBeCalledOnChildHTMLLoad()
{
parent.document.getElementById("ifameId").height = calculatedHeight;
}
Still it is not working..Please suggest if u have any solutions on this.
View 5 Replies
View Related
Aug 20, 2011
The following topic had driven me nuts for a few hours. I have been reading article after article trying to get this to work, with no luck. Lets start with what im trying to do.I am making a JS file that people can link on their webpage, and will create tooltips on links (from data from my database). Ok np. I have a php file for testing.
Code:
$item = $_GET['item'];
if ($item == "test") {
[code]....
View 2 Replies
View Related
