SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    42
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Specfic override to the same-origin policy

    Hi Everyone,

    I am hoping that someone will be able to help.

    I am trying find a way to create a specfic override to the same-origin policy between 2 frames so that I can use javascript find out the current url of frame2 from frame1.

    I have read that I will need a digitally signed activex control for IE6/7 and I am not sure what is needed for other browsers.

    I need this to be secure in that the override will:

    - only allow frame1 (when loaded from mydomain.com) to find the current url of frame 2
    - not work when frame2 is https

    If this is possible does anyone know why I should not do this? If I use this in my app am I going to shoot myself in the foot?

    Hope this makes sense :-)

    Also if anyone knows another way to replicate this behaviour by another mechanism???

  2. #2
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    42
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wow I never thought I would have the experts here stumped

  3. #3
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Location
    Sydney, Australia
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I would be really surprised, and a little bit worried if this was possible at all, although your needs are genuine, if this was possible I'm sure someone would have created an exploit to do bad things with this by now.
    Kind Regards,
    Steve
    http://www.rtepad.com

  4. #4
    SitePoint Wizard
    Join Date
    Nov 2004
    Location
    Nelson BC
    Posts
    2,310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why do you need to know the URL?

  5. #5
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    42
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I want to build an inpage toolbar so that the user would not have to download a toolbar for their browser.

    As part of this I want them to be able to find out the URL of the other frame so that they can store it in their favourites.

    I do not need any other access to the other frame.

    I am sure that this is 100% do-able using activex (would need to be signed if being downloaded from server)

    I can do the frames & html part, and there are lots of people that can help with the Jscript but not many people seem to know about this :-(


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •