Javascript cross-frame scripting problem
Martijn Klingens
klingens at kde.org
Mon May 2 19:06:13 BST 2005
On Monday 02 May 2005 20:02, Koos Vriezen wrote:
> On Mon, May 02, 2005 at 07:47:21PM +0200, Martijn Klingens wrote:
> > Another problem with my employer's intranet: some DHTML code is trying to
> > access objects in other frames and gets treated by a 'DOM Exception 4'.
> > See attached testcase that exhibits the problem (open frameset.html).
> >
> > I can imagine that this is not allowed across sites (XSS
> > vulnerabilities), but within a site, or even on file:// like with the
> > testcase, I don't see a reason to disallow this.
> >
> > Why doesn't KJS allow this at all?
>
> Are you sure you don't test if executing inter-frame code should be done
> _after_ the frameset is loaded completely (ie. use onLoad)?
I'm extracting the test case from the web page I want to get working, so even
if the onLoad is required for KHTML, apparently it is not for IE. Can't test
that though. The original code has a 200msec timeout somewhere, that might
just be enough for IE and not for KHTML?
--
Martijn
More information about the kfm-devel
mailing list