wood burning stoves 2.0*
The moose likes HTML, CSS and JavaScript and the fly likes Cross-Site Script Security issue Kindly help me out!! Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "Cross-Site Script Security issue Kindly help me out!!" Watch "Cross-Site Script Security issue Kindly help me out!!" New topic
Author

Cross-Site Script Security issue Kindly help me out!!

Graham Thorpe
Ranch Hand

Joined: Mar 25, 2002
Posts: 265
Iam facing a problem "Error: uncaught exception: permission denied to get property" which is Cross-Site Script Security issue. The Problem is Child window calls the parent window javascript method using window.opener. This will works if Parent and Child window are in the same instances or domain. But it gives the above exception if it is in the different instance. Kindly Help me out this.
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
There is nothing you can do since they are on two different domains, this is done for security so people can not pull your bank account information, etc.

Eric
Nick Lello
Greenhorn

Joined: Oct 15, 2004
Posts: 2
I am getting the same issue, but with a child IFRAME calling a function in it's parent... in this case, the webpages are from differents hosts in the same domain -- is there any way to get the browser to relax the rules slightly ?
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
nope
Yuriy Fuksenko
Ranch Hand

Joined: Feb 02, 2001
Posts: 413
For IE, you can use HTA files (look at msdn). It called HTML application, and don't have any security checks (though it promts user - to launch it or to save it). You can see examples on my website in downloads. It is Web test toolkit and web code expert.

Not sure you the following, but if the ip addresses that you are displaying fixed, than you can look into this option.

This is a security issue I read somewhere about a year ago:
If you have domain name, let say mydomain.com, and defined to subdomains, let say sub1.mydomain.com and sub2.mydomain.com, and display them in frames (or use popup window), scripts from those frames will be able to access each other. The browser actually checks the names, not ip's. This could cause the following problem - if I define my subdomains to point to different ip's, from browser point of view, they still on the same domain.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Cross-Site Script Security issue Kindly help me out!!
 
Similar Threads
Parent-Child form interaction
using replaceAll() function with jstl
parent window form name
Parent form reload
Dynamic growth of iframe in cross domain