cross domain scripting problem in IE6 (not IE7)

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • codefragment@googlemail.com
    #1

    cross domain scripting problem in IE6 (not IE7)

    Hi
    We have a website that has just had some SSL changes made to it.
    Specifically the iframe src was changed to 'javascript:new String("")'
    as about:blank prompts a message about "mixed content on pages'

    Now we get a message "Access is denied" when accessing anything in an
    iframe using
    TopDocument().f rames["iframe_the ID']

    TopDocument() is top.window.docu ment (I think its the equivilent)

    This is in IE6, this same code works in IE7. This is also only off one
    machine, when installed on another machine it seems to work. Begs the
    question what happens when it goes to customers (yes, some still have
    IE6)

    Any ideas?
    Tags: None
    • Joost Diepenmaat
      #2
      Re: cross domain scripting problem in IE6 (not IE7)

      codefragment@go oglemail.com writes:
      Hi
      We have a website that has just had some SSL changes made to it.
      Specifically the iframe src was changed to 'javascript:new String("")'
      as about:blank prompts a message about "mixed content on pages'
      Ugh.
      Now we get a message "Access is denied" when accessing anything in an
      iframe using
      TopDocument().f rames["iframe_the ID']
      >
      TopDocument() is top.window.docu ment (I think its the equivilent)
      It's probably not.
      This is in IE6, this same code works in IE7. This is also only off one
      machine, when installed on another machine it seems to work. Begs the
      question what happens when it goes to customers (yes, some still have
      IE6)
      Any particular reason you don't initialize the iframe with a blank page
      hosted on the same server as the rest of the page?

      --
      Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/

        Comment

        • codefragment@googlemail.com
          #3
          Re: cross domain scripting problem in IE6 (not IE7)

          On 22 Sep, 17:44, Joost Diepenmaat <jo...@zeekat.n lwrote:
          codefragm...@go oglemail.com writes:
          Hi
            We have a website that has just had some SSL changes made to it.
          Specifically the iframe src was changed to 'javascript:new String("")'
          as about:blank prompts a message about "mixed content on pages'
          >
          Ugh.
          >
          Now we get a message "Access is denied" when accessing anything in an
          iframe using
          TopDocument().f rames["iframe_the ID']
          >
          TopDocument() is top.window.docu ment (I think its the equivilent)
          >
          It's probably not.
          >
          This is in IE6, this same code works in IE7. This is also only off one
          machine, when installed on another machine it seems to work. Begs the
          question what happens when it goes to customers (yes, some still have
          IE6)
          >
          Any particular reason you don't initialize the iframe with a blank page
          hosted on the same server as the rest of the page?
          >
          --
          Joost Diepenmaat | blog:http://joost.zeekat.nl/| work:http://zeekat.nl/

          Assuming I have a blank page at the root of my website/virtual
          directory, I don't know how my website has been deployed, and the
          iframe is being created from some nested url do you have some example
          javascript?

            Comment

            • Joost Diepenmaat
              #4
              Re: cross domain scripting problem in IE6 (not IE7)

              codefragment@go oglemail.com writes:
              On 22 Sep, 17:44, Joost Diepenmaat <jo...@zeekat.n lwrote:
              >codefragm...@g ooglemail.com writes:
              Hi
                We have a website that has just had some SSL changes made to it.
              Specifically the iframe src was changed to 'javascript:new String("")'
              as about:blank prompts a message about "mixed content on pages'
              >>
              >Ugh.
              [ ... ]
              Assuming I have a blank page at the root of my website/virtual
              directory, I don't know how my website has been deployed, and the
              iframe is being created from some nested url do you have some example
              javascript?
              Assuming your initial html file is in the same "directory" :

              <iframe src="blank_page .html"></iframe>


              --
              Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/

                Comment

                • codefragment@googlemail.com
                  #5
                  Re: cross domain scripting problem in IE6 (not IE7)

                  Assuming I have a blank page at the root of my website/virtual
                  directory, I don't know how my website has been deployed, and the
                  iframe is being created from some nested url do you have some example
                  javascript?
                  >
                  Assuming your initial html file is in the same "directory" :
                  >
                  <iframe src="blank_page .html"></iframe>
                  It won't be in the majority of cases, i.e. we use lots of iframes on
                  many different pages for various reasons. The problem I have is that
                  the url for my site might be
                  http://machine:port/Base (website)

                  or

                  http://machine:port/vdname/Base (virtual directory)

                  location only seems to give you address up to the port while vdname
                  (virtual directory name) is unknown.

                  Also the webpages (70+) are all in various folders so the iframe is
                  likely to be on a page somewhere in a folder but not at the root. I
                  don't want to put blank.html files in every folder.

                  This is asp.net so I can use that to get the url but I -believe- (may
                  not be true) that the folder asp.net shows you may not be the real
                  one, due to some kind of mapping?

                  thanks for the reply

                    Comment

                    Previous template Next
                    Working...