Javascript cross-frame scripting problem
Martijn Klingens
klingens at kde.org
Mon May 2 18:47:21 BST 2005
Another problem with my employer's intranet: some DHTML code is trying to
access objects in other frames and gets treated by a 'DOM Exception 4'. See
attached testcase that exhibits the problem (open frameset.html).
I can imagine that this is not allowed across sites (XSS vulnerabilities), but
within a site, or even on file:// like with the testcase, I don't see a
reason to disallow this.
Why doesn't KJS allow this at all?
--
Martijn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20050502/a92a1bee/attachment.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20050502/a92a1bee/attachment-0001.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20050502/a92a1bee/attachment-0002.html>
More information about the kfm-devel
mailing list