permission denied to access window object

  • jackchang1@gmail.com

    permission denied to access window object

    Hi,

    I know if the frames/windows can't access properties inside another
    frame/window that comes from a different domain. But could this call
    violate the security

    window.parent

    if the window comes from a different domain?

    I know it is safe to call window.location.

    thank you!
  • Joost Diepenmaat

    #2
    Re: permission denied to access window object

    "jackchang1@gmail.com" <jackchang1@gmail.com> writes:
    > Hi,
    >
    > I know if the frames/windows can't access properties inside another
    > frame/window that comes from a different domain. But could this call
    > violate the security
    >
    > window.parent
    >
    > if the window comes from a different domain?

    IIRC, window.parent is normally safe, but it's *not* allowed to access
    any (or at least, most) of the properties of window.parent if that
    refers to a document from another domain.

    > I know it is safe to call window.location.

    Well, yeah. By definition that refers to the current frame's
    location. window is the global object.

    --
    Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/

    • Henry

      #3
      Re: permission denied to access window object

      On Jul 7, 10:44 pm, "jackcha...@gmail.com" wrote:
      > I know if the frames/windows can't access properties
      > inside another frame/window that comes from a different
      > domain. But could this call violate the security
      >
      > window.parent
      >
      > if the window comes from a different domain?

      That is not a "call", it is a property accessor. There are no security
      implications in evaluating the code - window.parent - because the
      result of that evaluation is an instance of the internal Reference
      type with its 'base' property set to whichever object the Identifier
      'window' evaluated as (probably the current window/global object) and
      its 'property name' property containing the string 'parent'.

      > I know it is safe to call window.location.

      In some environments perhaps, but there is nothing that suggests that
      all - location - objects will be (or should be) callable, and most
      certainly are not.

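The behaviour discussed in the replies above, as an added example that is not part of the original thread: reading `window.parent` itself succeeds, while reading most properties of a cross-origin parent is denied, so a frame can classify its parent by catching that denial. `parentRelation` and `mockCrossOriginWindow` are hypothetical names, and the mock is a constructed stand-in so the code runs outside a browser; it assumes the denial surfaces as an error named `SecurityError`, as in current browsers.

```javascript
// Added example: classify a frame's relationship to its parent without
// letting a cross-origin denial escape as an uncaught exception.

// Properties the HTML Standard exposes on a cross-origin Window object.
const CROSS_ORIGIN_SAFE = new Set(['window', 'self', 'location', 'close', 'closed',
  'focus', 'blur', 'frames', 'length', 'top', 'opener', 'parent', 'postMessage']);

// Constructed stand-in for a browser's cross-origin window (assumption: a real
// browser throws a DOMException named "SecurityError" instead of this Error).
function mockCrossOriginWindow(target) {
  return new Proxy(target, {
    get(obj, prop) {
      if (typeof prop === 'symbol' || CROSS_ORIGIN_SAFE.has(prop)) return obj[prop];
      const err = new Error(`Permission denied to access property "${prop}"`);
      err.name = 'SecurityError';
      throw err;
    },
  });
}

// Returns "top", "same-origin" or "cross-origin" for the given window.
function parentRelation(win) {
  const parent = win.parent;          // reading the parent reference is allowed
  if (parent === win) return 'top';   // a top-level window is its own parent
  try {
    void parent.document;             // denied when the parent is another origin
    return 'same-origin';
  } catch (e) {
    if (e && e.name === 'SecurityError') return 'cross-origin';
    throw e;                          // unrelated failure: do not hide it
  }
}

// Constructed sample windows (hypothetical objects, not real browser frames).
const topWin = { document: {} };
topWin.parent = topWin;
const sameOriginChild = { document: {}, parent: topWin };
const foreignChild = { document: {}, parent: mockCrossOriginWindow({ document: {} }) };
```

In a page, call `parentRelation(window)`; a `cross-origin` result means any further exchange with the parent has to go through `postMessage` rather than direct property access.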