Avoding Cross-Domain Security Error before accessing windowattributes?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Erwin S. Andreasen
    #1

    Avoding Cross-Domain Security Error before accessing windowattributes?

    Hi,

    I have a web application where window A opens window B (same site). B
    later wants to do something depending on whether
    the window A, window.opener.d ocument.domain, has changed.

    However, there doesn't seem to be a way to actually check whether A
    has moved to a different domain without triggering (in IE) a security
    violation and completely aborting the script. If the user has enabled
    debugging, this also brings up an annoying dialog box.

    I'd like to either catch this exception somehow or be able to tell
    beforehand whether I can access window.opener.* attributes
    successfully. According to:

    http://msdn.microsoft.com/library/default.asp?url=/workshop/author/om/xframe_scripting_security.asp


    the only thing I can do is to *write* to the various attributes.

    Can anyone suggest a way to work around this? I am not interested in
    accessing the location/domain of the new page, just whether the window
    has left my domain.


    --
    =============== =============== =============== =============== ===
    <erwin+usenet@a ndreasen.org> Herlev, Denmark
    <URL:http://www.andreasen.o rg/> <*>
    =============== =============== =============== =============== ===

    Tags: None
    • Kien
      #2
      Re: Avoding Cross-Domain Security Error before accessing window attributes?

      It is good that you CANNOT do this.
      I think you are trying to spy and police users' movement.
      If you want users to stay with your site make it attractive.

      Kien

      "Erwin S. Andreasen" <erwin+usenet@a ndreasen.org> wrote in message news:<87659kret 2.fsf@andreasen .org>...[color=blue]
      > Hi,
      >
      > I have a web application where window A opens window B (same site). B
      > later wants to do something depending on whether
      > the window A, window.opener.d ocument.domain, has changed.
      >
      > However, there doesn't seem to be a way to actually check whether A
      > has moved to a different domain without triggering (in IE) a security
      > violation and completely aborting the script. If the user has enabled
      > debugging, this also brings up an annoying dialog box.
      >
      > I'd like to either catch this exception somehow or be able to tell
      > beforehand whether I can access window.opener.* attributes
      > successfully. According to:
      >
      > http://msdn.microsoft.com/library/de...g_security.asp
      >
      > the only thing I can do is to *write* to the various attributes.
      >
      > Can anyone suggest a way to work around this? I am not interested in
      > accessing the location/domain of the new page, just whether the window
      > has left my domain.[/color]

        Comment

        • Martin Honnen
          #3
          Re: Avoding Cross-Domain Security Error before accessing window attributes?



          Erwin S. Andreasen wrote:

          [color=blue]
          > I have a web application where window A opens window B (same site). B
          > later wants to do something depending on whether
          > the window A, window.opener.d ocument.domain, has changed.
          >
          > However, there doesn't seem to be a way to actually check whether A
          > has moved to a different domain without triggering (in IE) a security
          > violation and completely aborting the script. If the user has enabled
          > debugging, this also brings up an annoying dialog box.[/color]

          Well by now J(ava)Script supports try/catch, with IE since IE5, with
          Netsape since Netscape 6, so at least for those and other new browsers
          like Opera 7, Safari you can certainly use
          try {
          // access other window here
          }
          catch (e) {
          // handle exception here
          }

          --

          Martin Honnen
          Attention Required! | Cloudflare
          http://JavaScript.FAQTs.com/


            Comment

            Previous template Next
            Working...