window permission denied
Posted: Mon Apr 28, 2003 3:37 pm
Try this code. It is a so called "frame buster", intended to break any frame this code is loaded into, to prevent loading the page into a faulty window object hierarchy.
Then send an email to your hotmail account where you have an "href" that hyperlinks to the page where this code resides.
When I try that. I get the following javascript error when using Mozilla 1.4:
I realize nothing is wrong, it is just some security setting in the outmost window that prevents my frame to access the top window object.
And that may be OK. I realize the cracking potential of leaving the frame's content exposeable to my child frame.
My problem is:
That code you see at the top of this post is cut from a login page to my Internet application. It is OK as long as I don't refer to the javascript object 'top'. The reeeeally funny thing now is, (listen now), this Internet Explorer 5 and 6 doesn't function when in that frame. HAHAHAHA! Here's my form tag:
My frame buster CAN'T bust hotmail's frameset. I'm busted. Permission denied. So... Mozilla, Opera and Netscape 7 runs my system perfectly even in that frame that I don't want. But IE!!!! HAHAHA! FAAAAIIILS! HA HA HAA!. The form doesn't post correctly in IE. PHP never gets it. I can't niether reject the login or permit it. The page just reloads when I press the submit button.
IE is so full of crap. Every single day I do some client side scripting that should work with ALL browsers according to documentation and standards that all but one developer team tries to adapt. And Internet Explorer has its quirks and bugs that appear out of nowhere without any easily understandable reasons.
I can work myself around that of course by opening another window or ask the email recepient at the hotmail account to cut and paste the address into a new system or something... I just wanted to post this as 50% of my client side development time is consumed by solving strange behaviour of IE. IE is a joke. .NET is not special! Linux has always been what Windows is now trying to become!
Now to the questions:
What kind of code can trigger that javascript security setting that prevents scripting access to the parent frame?
What do YOU think I should try to work around that problem?
Code: Select all
<html>
<head>
<script language="JavaScript">
function InitPage(){
if (top.frames.length != 0){
top.document.location='index.php<?php echo Querystr($_GET)?>'
}
}
</script>
</head>
<body onload="InitPage()">
</body>When I try that. I get the following javascript error when using Mozilla 1.4:
Code: Select all
Error: uncaught exception: Permission denied to get property Function.framesAnd that may be OK. I realize the cracking potential of leaving the frame's content exposeable to my child frame.
My problem is:
That code you see at the top of this post is cut from a login page to my Internet application. It is OK as long as I don't refer to the javascript object 'top'. The reeeeally funny thing now is, (listen now), this Internet Explorer 5 and 6 doesn't function when in that frame. HAHAHAHA! Here's my form tag:
Code: Select all
<form action="index.php?WhatNow=<?php echo $_GET['WhatNow'].($_GET['TopicID'] ? '&TopicID='.intval($_GET['TopicID']) : '').($_GET['UserID'] ? '&UserID='.intval($_GET['UserID']) : '')?>" name="Form1" method="POST" enctype="multipart/form-data">IE is so full of crap. Every single day I do some client side scripting that should work with ALL browsers according to documentation and standards that all but one developer team tries to adapt. And Internet Explorer has its quirks and bugs that appear out of nowhere without any easily understandable reasons.
I can work myself around that of course by opening another window or ask the email recepient at the hotmail account to cut and paste the address into a new system or something... I just wanted to post this as 50% of my client side development time is consumed by solving strange behaviour of IE. IE is a joke. .NET is not special! Linux has always been what Windows is now trying to become!
Now to the questions:
What kind of code can trigger that javascript security setting that prevents scripting access to the parent frame?
What do YOU think I should try to work around that problem?