HomepageOther stuffa javascript issue...| Author | Post | ||
aceldama    |
i've been trying to figure it out (on both mozilla and ie7) till my head feels like exploding. (formatted for readability) can someone please tell me why this works:
<script>
function gData(){alert(parent.window.frames.length);}
</script>
<iframe src="http://xxxx.com" name="myIframe" onload="gData()"></iframe>
[output: 1] - which means that there definitely is a frame in the frames array (ie. frame[0])
<script>
function gData(){alert(parent.window.frames[0].window.document);}
</script>
<iframe src="http://xxxx.com" name="myIframe" onload="gData()"></iframe>
[output: object htmlDocument] - which tells me that the frame's document object is accessible  but this however, doesn't work:
<script>
function gData(){alert(parent.window.frames[0].window.document.cookie);}
</script>
<iframe src="http://xxxx.com" name="myIframe" onload="gData()"></iframe>
[no output] |
||
Edited by aceldama on 27.11.2007 13:41:16 | |||
 27.11.2007 07:55:16 |
|
||
|
aceldama |
sorry for the bump, but please can anyone help me here? |
||
|
27.11.2007 13:36:08 |
|
||
Bander  |
I'll just make a wild guess and say try adding a semi colen. I didn't test this at all though.  Quote:onload="gData();" |
||
 28.11.2007 03:43:31 |
|
||
| unknown user |
I don't want to come off all arrogant now, but that will not _work_ Browsers don't allow this for obvious security reasons, perhaps if you turn down the security settings. But otherwise this will not work. Browser restrictions. Otherwise anybody with a website, like google could collect every bodies cookies. Which would make hunting for XSS bugs obsolete ... |
||
| 28.11.2007 03:55:01 |
|
||
|
Bander |
Oh duh. Yeah, you can't execute your own JS inside other peoples pages. /me wasn't looking closely |
||
Edited by Bander on 28.11.2007 04:04:45 | |||
|
28.11.2007 04:04:19 |
|
||
| unknown user |
just open the javascript console in firefox, or surf to chrome://global/content/console.xul in another window and you will see the message "Uncaught exception permission denied to get property ..." or put it in a try catch block ... |
||
| 28.11.2007 04:10:52 |
|
||
|
aceldama |
ah, i see  thank you rhican. once again you were of much help. -forever learning- |
||
|
29.11.2007 00:06:17 |
|
||
|
aceldama |
can anyone tell me if it's possible to set the iframe location to the javascript inline debugger? i'm using this code, but it results in a really odd error: "uncaught exception: ReferenceError: alert is not defined" <html>
<head>
<script>
function xReload(){document.getElementById("IF01").src="javascript:alert('reloaded-frame');";}
</script>
</head>
<body>
<iframe id="IF01" src="http://google.com/" onload="xReload();"></iframe>
</body>
</html>EDIT: i mean, i've googled, but can't seem to find whether it's the same issue i was dealing with all that time ago. |
||
Edited by aceldama on 18.03.2010 20:51:36 | |||
|
18.03.2010 20:46:42 |
|
||
private message
EMail