Cross Frame Scripting issue

lakshmi gullapudi
Greenhorn

Joined: Mar 18, 2013
Posts: 16
Can you please help me resolve this issue?


We are trying to fix a cross frame scripting issue by adding <% response.addHeader("X-Frame-Options", "SAMEORIGIN"); %> in the JSP page. My project architecture doesn't support a single control servlet, so I added the X-Frame tag in each JSP.

But the cross frame scripting issue still occurs in the application.


Vulnerable URL: http://usa0300uz1178.apps.mc.xerox.com:10503/SSCM/index.jsp


index.jsp



<jsp:useBean id="project" class="com.lpasystems.cmss.ProjectBean" scope="application" />
<jsp:setProperty name="project" property="top" value='<%="http://" + request.getServerName() + ":" + request.getServerPort() + "/CMSS" %>' />

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=UTF-8">

<TITLE>First File Loaded</TITLE>
<% response.addHeader("X-Frame-Options", "SAMEORIGIN"); %>

</HEAD>
<SCRIPT LANGUAGE="JavaScript">
var sHrefLocation = "http://usa0300uz1192.apps.mc.xerox.com:10500/xpicweb/home.html"

var bLaunchAppInSeparateWindow = true
var sNewWindowTitle = "CMSS"
var newAppWindow = null

function displayApp()
{
if (bLaunchAppInSeparateWindow)
{
self.location.href = sHrefLocation

newAppWindow = window.open(
"index2.jsp",
sNewWindowTitle,
"status,resizable,scrollbars,width=900,height=600");

if (typeof newAppWindow.focus != 'undefined')
{
newAppWindow.focus();
}
}
else
{
self.location.href = 'index2.jsp'
}
}
</SCRIPT>

<BODY bgcolor="white" onLoad="displayApp()">
<center><br><br><br>
<h3><i>Starting application....</i></h3><br><br>
<h5>
You may close this window once the application starts.<br>
To logout, simply close the main application window.<br>
</h4>
</center>
</BODY>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</HEAD>
</HTML>




Response:

HTTP/1.1 200 OK
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-4.0.0 (build: CVSTag=JBoss_4_0_0 date=200409200418)
ETag: W/"389-1376931758000"
Last-Modified: Mon, 19 Aug 2013 17:02:38 GMT
Content-Type: text/html
Content-Length: 389
Date: Tue, 20 Aug 2013 17:27:49 GMT
Server: Apache-Coyote/1.1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<title></title>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=UTF-8">
<META HTTP-EQUIV="X-FRAME-OPTIONS" CONTENT="SAMEORIGIN">
</head>
<body onload="location.href='jsp/index.jsp'">
</body>
</html>



Is the URL http://usa0300uz1192.apps.mc.xerox.com:10500/xpicweb/home.html in index.jsp causing this issue? If yes, how do I add the X-Frame tag in this HTML file?


Please help me.

Frederik Nielsen
Greenhorn

Joined: Aug 25, 2013
Posts: 14

Is the above code in the same JSP file? And you should write it in this order: <html><head></head><body></body></html>

Also, your JavaScript is after </head> and before <body>. It should be between <head> and </head>.

If it still doesn't work after that, edit your post and I will take another look at it.
 