
Cross-Site Script Security issue Kindly help me out!!

 
Graham Thorpe
Ranch Hand
Posts: 265
I am facing a problem, "Error: uncaught exception: permission denied to get property", which is a Cross-Site Script Security issue. The problem is that the child window calls the parent window's JavaScript method using window.opener. This works if the parent and child windows are in the same instance or domain, but it gives the above exception if they are in different instances. Kindly help me out with this.
 
Eric Pascarello
author
Rancher
Posts: 15385
There is nothing you can do since they are on two different domains. This is done for security so people cannot pull your bank account information, etc.

Eric
 
Nick Lello
Greenhorn
Posts: 2
I am getting the same issue, but with a child IFRAME calling a function in its parent... in this case, the web pages are from different hosts in the same domain -- is there any way to get the browser to relax the rules slightly?
 
Eric Pascarello
author
Rancher
Posts: 15385
nope
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
For IE, you can use HTA files (look at MSDN). It is called an HTML Application, and it doesn't have any security checks (though it prompts the user to launch it or to save it). You can see examples on my website in downloads. It is Web test toolkit and web code expert.

Not sure you the following, but if the IP addresses that you are displaying are fixed, then you can look into this option.

This is a security issue I read somewhere about a year ago:
If you have a domain name, let's say mydomain.com, and defined two subdomains, let's say sub1.mydomain.com and sub2.mydomain.com, and display them in frames (or use a popup window), scripts from those frames will be able to access each other. The browser actually checks the names, not IPs. This could cause the following problem - if I define my subdomains to point to different IPs, from the browser's point of view, they are still on the same domain.
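
Added example, not part of any post in this thread: a JavaScript model of the browser's same-origin comparison (scheme, host, port), run over the situations raised above. The function names and URLs are constructed for illustration; the optional `document.domain` arguments model the legacy opt-in under which two hosts of one parent domain could script each other, which current browsers have deprecated.

```javascript
// Added example: a model of the checks a browser applies before letting one
// window script another (window.opener, parent, frames). All URLs are constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function origin(url) {
  const u = new URL(url);
  // URL.port is "" when the scheme's default port is in use.
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] || "" };
}

function sameOrigin(a, b) {
  const x = origin(a), y = origin(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// A page may only set document.domain to its own host or a parent suffix of it.
// Simplification: real browsers also reject public suffixes such as "com".
function validRelaxation(host, value) {
  return value === host || host.endsWith("." + value);
}

// domainA/domainB: the value each page assigned to document.domain, or null.
function canScript(a, b, domainA = null, domainB = null) {
  const x = origin(a), y = origin(b);
  if (domainA !== null && domainB !== null) {
    // Both sides opted in: scheme and the relaxed domain must match; port is ignored.
    return x.scheme === y.scheme && domainA === domainB &&
      validRelaxation(x.host, domainA) && validRelaxation(y.host, domainB);
  }
  if (domainA !== null || domainB !== null) return false; // one-sided opt-in never matches
  return sameOrigin(a, b);
}

const cases = [
  ["same host", "http://app.example.com/parent.html", "http://app.example.com/child.html"],
  ["other port", "http://app.example.com/parent.html", "http://app.example.com:8080/child.html"],
  ["other domain", "http://app.example.com/parent.html", "http://shop.example.org/child.html"],
  ["sibling hosts", "http://sub1.mydomain.com/", "http://sub2.mydomain.com/"],
  ["siblings, both opted in", "http://sub1.mydomain.com/", "http://sub2.mydomain.com/", "mydomain.com", "mydomain.com"],
  ["siblings, one opted in", "http://sub1.mydomain.com/", "http://sub2.mydomain.com/", "mydomain.com", null],
];
for (const [label, a, b, da, db] of cases) {
  console.log(label.padEnd(24), canScript(a, b, da ?? null, db ?? null) ? "allowed" : "permission denied");
}
```

The comparison is on names and ports, never on IP addresses, so two hosts that resolve to the same server still fail the check unless their scheme, host and port all match.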
 