Javascript cross-frame scripting problem
Koos Vriezen
koos.vriezen at xs4all.nl
Mon May 2 19:14:56 BST 2005
On Mon, May 02, 2005 at 08:06:13PM +0200, Martijn Klingens wrote:
> On Monday 02 May 2005 20:02, Koos Vriezen wrote:
> > On Mon, May 02, 2005 at 07:47:21PM +0200, Martijn Klingens wrote:
> > > Another problem with my employer's intranet: some DHTML code is trying to
> > > access objects in other frames and gets treated by a 'DOM Exception 4'.
> > > See attached testcase that exhibits the problem (open frameset.html).
> > >
> > > I can imagine that this is not allowed across sites (XSS
> > > vulnerabilities), but within a site, or even on file:// like with the
> > > testcase, I don't see a reason to disallow this.
> > >
> > > Why doesn't KJS allow this at all?
> >
> > Are you sure you don't test if executing inter-frame code should be done
> > _after_ the frameset is loaded completely (ie. use onLoad)?
>
> I'm extracting the test case from the web page I want to get working, so even
> if the onLoad is required for KHTML, apparently it is not for IE. Can't test
> that though. The original code has a 200msec timeout somewhere, that might
> just be enough for IE and not for KHTML?
Maybe IE timers start ticking after an onLoad or so :-)
Btw. 200ms sounds like a lot in a local LAN (unless it's that cheating
IIS of course).
Koos
More information about the kfm-devel
mailing list