Re: Access Denied - How to set document.domain when writing to new window

comp.lang.javascript archive

From: Thomas 'PointedEars' Lahn <PointedEars@web.de>
Date: Fri Mar 31 2006 - 19:50:35 CEST

johkar wrote:

> I am getting an Access denied error when I write to a new window. The
> situation and code are outlined below. I am setting the domain in the
> main window. The problem is that the window I am popping up never gets
> its domain set, even though I have coded it to be the same as the main
> window. I get an Access Denied error.

Of course. document.domain works if the second-level domain of both
resources is the same. Since a generated document has no second-level
domain, you cannot set its document.domain. That said, I do not think
you need to.
 
> [...]
> <script type="text/javascript">
> winstr += '<html><head><title>my App<\/title>';
> winstr += '<script
> type="text\/javascript">document.domain=\'mycompany.com\'<\/script>';
> winstr += '<\/head>';
> winstr += '<body>';
> winstr += '<form name="myForm" method="get" action="default.do">';
> winstr += '<div class="textbold">Last Name:<\/div>';
> winstr += '<input type="text" name="searchFilter" id="searchFilter"
> size="26" \/>';
> winstr += '<input type="submit" value="Search" \/><\/div>';
> winstr += '<\/form>';
> winstr += '<\/body>';
> winstr += '<\/html>';

Eeek. Provided that `winstr' was declared before, consider

  winstr += new Array(
    '<html><head><title>my App<\/title>',
    '<script type="text/javascript">',
    'document.domain="mycompany.com";',
    '<\/script>',
    '<\/head>',
    '<body>',
    '<form name="myForm" action="default.do">',
    '<div class="textbold">Last Name:<\/div>',
    '<input name="searchFilter" id="searchFilter" size="26">',
    '<input type="submit" value="Search">',
    '<\/form>',
    '<\/body>',
    '<\/html>'
  ).join("");

instead.

> var w=220;
> var h=120;
> var winname='popWindow';

Unnecessary.

> var winl = (screen.width - w) / 2;
> var wint = (screen.height - h) / 2;

Think about <URL:http://dorward.me.uk/tmp/fullscreen.jpeg>.

> var winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl +
> ',toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no';
> if(win==null || win.closed)//only launch window if it doesn't already
> exist

  if (!win || win.closed)

BTW, source code should be posted so that it can be executed as-is, also
meaning that it should not break when word-wrapped. Such (long) inline
comments should be before-comments, not after-comments.

> win = window.open("", winname, winprops);
> win.focus();

IMO, you should wait with focusing until you have written the content.
And you should feature-test the focus() method before you call it.

> windoc = win.document;

You should declare _all_ your identifiers.

> //win.document.domain='mycompany.com';

See above.

> windoc.write(winstr);
> windoc.close();
> </script>

PointedEars
Received on Mon May 1 04:34:35 2006
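
The rule behind the error discussed in this thread, as an added JavaScript model that is not part of the original post and not browser code: two documents can script each other only if neither has assigned document.domain and their origins match, or if both have assigned the same value. The hosts app.mycompany.com and other.mycompany.com are constructed, and openBlank() assumes the popup shares the opener's scheme, host and port but not its document.domain assignment, which is the behaviour the question reports.

```javascript
// Added model (not browser code): why a script-generated popup can be blocked
// once the opener has assigned document.domain.
function makeDoc(scheme, host, port) {
  // `domain` stays null until document.domain is assigned in that document.
  return { scheme, host, port, domain: null };
}

// Model of the document.domain setter: only the host itself or one of its
// parent domains is accepted. Requiring a dot is a crude stand-in for the
// browser's real top-level-domain check.
function setDomain(doc, value) {
  const isSuffix = doc.host === value || doc.host.endsWith("." + value);
  if (!isSuffix || !value.includes(".")) {
    throw new Error("SecurityError: cannot set document.domain to " + value);
  }
  doc.domain = value;
}

// Two documents may script each other if neither assigned document.domain and
// scheme, host and port match, or if both assigned the same value.
function canScript(a, b) {
  if (a.scheme !== b.scheme) return false;
  if (a.domain !== null || b.domain !== null) return a.domain === b.domain;
  return a.host === b.host && a.port === b.port;
}

// Assumption: window.open("") yields a document with the opener's scheme, host
// and port but without the opener's document.domain assignment.
function openBlank(opener) {
  return makeDoc(opener.scheme, opener.host, opener.port);
}

function scenario() {
  // app.mycompany.com and other.mycompany.com are constructed hosts.
  const main = makeDoc("http", "app.mycompany.com", 80);
  const before = canScript(main, openBlank(main)); // no document.domain anywhere
  setDomain(main, "mycompany.com");
  const after = canScript(main, openBlank(main)); // only the opener opted in
  const sibling = makeDoc("http", "other.mycompany.com", 80);
  setDomain(sibling, "mycompany.com");
  let foreignRejected = false;
  try { setDomain(sibling, "example.org"); } catch (e) { foreignRejected = true; }
  return { before, after, siblings: canScript(main, sibling), foreignRejected };
}

console.log(scenario());
```

In this model the popup is reachable as long as the main window leaves document.domain alone, and becomes unreachable as soon as only the main window assigns it.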