window.onload

Re: window.onload

Richard Bell wrote:
[color=blue]
> Why doesn't this seem to work?
>
> var win; // window handle
>
> function onloadfunction( arg ){ // replace cnn with google
> win.navigate( "http://www.google.com" );// never executes
> }
>
> win = window.open("ht tp://www.cnn.com", "win", ""); // open window
> with CNN
> win.onload = onloadfunction; // set onload funciton
>
> but never see google displayed!
>[/color]

Because you can only have access to the object model of another page, if
you are coming from the same domain as the page you want to control.

This is a security feature of JavaScript, so I cannot bring a page up in
a frame, and run my code on it.

For instance, immagine I bring up www.yourBank.com, and for the login, I
replace the onsubmit method of the login form with my own function. I
could grab your username and password, and then submit the form.

This would be very bad:
////////////////////////////////////////////
var win;
var oldsubmit = null;

function onsubmitfunctio n {
// Here is your user name and password!!!!!
yourUsername = win.document.ge tElementById("U sername");
yourPassword = win.document.ge tElementById("P assword");
// send this data to your server, for storage
...
// run the old submit function, so everything looks the way it should
if(oldsubmit)
return oldsubmit();
else
return true;
}
function onloadfunction( ) {
// save the old submit function, and replace it with ours
oldsubmit = win.document.ge tElementById("L oginForm").onsu bmit;
win.document.ge tElementById("L oginForm").onsu bmit = onsubmitfunctio n;
}

win = window.open("ht tp://www.yourBank.co m", "win", "");
win.onload = onloadfunction;
///////////////////////////////////////////////

It is really just an example of how what you want to do could be a real
security risk.

Brian