JS security and enumerating a Window
Koos Vriezen
koos.vriezen at xs4all.nl
Fri Oct 25 18:14:31 BST 2002
On Fri, 25 Oct 2002, Dirk Mueller wrote:
> On Fre, 25 Okt 2002, Koos Vriezen wrote:
>
> > Don't know, why should JS get a handle to frame of another domain?
>
> for example to load a different url in it or so..
Hmm, yes indeed. Mozilla does with
<HTML>
<HEAD>
<SCRIPT>
function doIt() {
myframe1.document.open();
myframe1.document.write("<html><body>");
for(var i = 0; i < frames.length; i++) {
try {
myframe1.document.write(i + "=" + frames[i] + "<br>");
} catch(e) {
myframe1.document.write(i + " error<br>");
}
}
myframe1.document.write("</body></html>");
myframe1.document.close();
}
</SCRIPT> </HEAD>
<FRAMESET ROWS="300,*" onLoad="doIt()">
<FRAME NAME="myframe1" SRC="about:blank">
<FRAME NAME="myframe2" SRC="http://localhost/~koos/test.html">
</FRAMESET></HTML>
output
0=[object Window]
1=[object Window]
Current CVS has troubles with toString conversion of second frame (No
default value, see previous posting)
Changing myframe1.document.write(i + "=" + frames[i] + "<br>"); to
myframe1.document.write(i + "=" + frames[i].location + "<br>");
mozilla gives
0=wyciwyg://0/file:///home/koos/public_html/jsframes.html
1 error
Koos
More information about the kfm-devel
mailing list