Javascript cross-frame scripting problem
Koos Vriezen
koos.vriezen at xs4all.nl
Mon May 2 19:02:23 BST 2005
On Mon, May 02, 2005 at 07:47:21PM +0200, Martijn Klingens wrote:
> Another problem with my employer's intranet: some DHTML code is trying to
> access objects in other frames and gets treated by a 'DOM Exception 4'. See
> attached testcase that exhibits the problem (open frameset.html).
>
> I can imagine that this is not allowed across sites (XSS vulnerabilities), but
> within a site, or even on file:// like with the testcase, I don't see a
> reason to disallow this.
>
> Why doesn't KJS allow this at all?
Are you sure you don't test if executing inter-frame code should be done
_after_ the frameset is loaded completely (ie. use onLoad)?
Koos
More information about the kfm-devel
mailing list