JQuery security error in Opera and Internet Explorer - javascript

I am developing an app for social network which works in IFrame. The app works just fine in Google Chrome and Microsoft Firefox browsers, but in Opera 12.15 JQuery library v1.10.1 fails to load with security error Unhandled error: Security error: attempted to read protected variable on line 1513.
The screenshot is here:
It looks like the same bug exists in Internet Explorer 10.
How to deal with it?
UPDATE:
I have made dirty hack by commenting the lines 1513-1517 in the code of jquery:
// Support: IE>8
// If iframe document is assigned to "document" variable and if iframe has been reloaded,
// IE will throw "permission denied" error when accessing "document" variable, see jQuery #13936
/*if ( parent && parent.frameElement ) {
parent.attachEvent( "onbeforeunload", function() {
setDocument();
});
}*/
The functionality of my app seems to work now, maybe it is necessary to create issue in JQuery repo...

Bug report was created - http://bugs.jquery.com/ticket/13980.
Bug is now fixed.

Add this before you include JQuery:
var isIE11 = !!(navigator.userAgent.match(/Trident/) && !navigator.userAgent.match(/MSIE/));
if (isIE11) {
if (typeof window.attachEvent == "undefined" || !window.attachEvent) {
window.attachEvent = window.addEventListener;
}
}
Hope it helps, It worked for me.

Related

Window that was opened by window.open won't close

I'm having problems with a piece of code that has worked before for years, but seems to have stopped working now.
I'm opening a window with a login form and I'm listening via a WebSocket for events regarding that login. After the login was successful, I want to close the window (that my script has opened and kept the reference to) after a short moment. I'm using the following code:
const windowManager = {
window: null,
eventType: null,
}
function openWindow({ url, eventType }) {
windowManager.window = window.open(url)
windowManager.eventType = eventType
}
function closeWindow({ eventType }) {
if (windowManager.window && windowManager.eventType == eventType) {
setTimeout(() => {
windowManager.window && windowManager.window.close()
windowManager.window = null
}, 100)
}
}
I have confirmed that windowManager.window.close() is called and does not thrown an error. I have also extracted the code from the application and tested it separately and it still won't close the window. As I said, this piece of code has worked before and was not changed in the past two years or so.
I'm using the following browsers:
Safari 15.3
Firefox 97.0b9 (Developer Edition)
Chromium 94.0.4606.61
I'm grateful for any pointers which could help resolve this issue. Thanks a lot!
After figuring out that the above code worked totally fine with other sites like Google or GitHub, I found that the Cross-Origin-Opener-Policy header in our auth backend (which was the site that was opened with the code) is the culprit. We had just updated Helmet to version 5 which added the header by default.
Our solution was to set Cross-Origin-Opener-Policy to same-origin-allow-popups on both source and target window (which are hosted on the same origin, but served by different servers). It also worked when setting it to unsafe-none for the target window without setting it at all on the source window.

"You are not currently attached to a supported page or app." error while executing JQuery code in Internet Explorer 11 console

I am trying to execute following code in IE 11 Console:
var alinks = $('a');
for (var i = 0; i < alinks.length; i++) {
if ($(alinks[i]).text().trim() == "Contact Management") {
alinks[i].click();
break;
}
}
But I am getting following error:
You are not currently attached to a supported page or app.
I researched on Google and SO but didn't find any solutions or reasons for this error.
I also tried running this code in Chrome and Firefox and it's working fine there.
UPDATE
I also tried simple console.log('s') but it's showing undefined without display s. Also, no alert when alert('s') is executed.
Go to Tools> Internet Options > Security > Tap on Custom Level button > Under Scripting, Enable Active Scripting > Ok
Restart internet Explorer
Hoe it works :)

Javascript global error handling (not work on ie 9)

I would like to catch every error in javascript and log server side.
core.js (on first line)
// Global error javascript log
window.onerror = function(msg, url, line)
{
try
{
// Send error to server via AJAX Request
var x = new (this.XMLHttpRequest || ActiveXObject)('MSXML2.XMLHTTP.3.0');
x.open('POST', '/jserrorlog.php', 1);
x.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
x.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
x.send('Msg='+msg+'&Url='+url+'&Line='+line);
x.onreadystatechange = function(){
if(x.readyState > 3 && x.status == 200)
window.console && console.log(x.responseText);
};
}
catch(e)
{
window.console && console.log(e);
}
};
jserrorlog.php (Server Side)
<?php
// log error on server
$Msg = (isset($_POST['Msg'])) ? $_POST['Msg'] : null;
$Url = (isset($_POST['Url'])) ? $_POST['Url'] : null;
$Line = (isset($_POST['Line'])) ? $_POST['Line'] : null;
echo ( error_log('Javascript Error:'.$Msg.'; Url:'.$Url.'; Line:'.$Line) ) ? 1 : 0;
From: http://msdn.microsoft.com/en-us/library/ms976144.aspx
Handling Errors via the window.onerror DHTML Event
A common problem that bites many developers occurs when their onerror
handler is not called because they have script debugging enabled for
Internet Explorer. This will be the case by default if you have
installed the Microsoft Script Debugger or Microsoft Visual Studio
6.0® (specifically Visual InterDev 6.0™)—onerror handling is how these products launch their debugger. You can disable script debugging for a
given instance of Internet Explorer on the Advanced tab of the
Internet Options dialog box (note that checking the Disable script
debugging setting will apply only to that instance of Internet
Explorer)
Disable script debugging to invoke your own onerror handler
It should be clear from this discussion that you can catch both syntax
and run-time errors using a window.onerror handler. However, I only
told you this so that you would understand how it works, not so that
you would intentionally allow syntax errors in your production Web
pages. All syntax errors can, and should, be eliminated during the
development phase. Besides, onerror handling doesn't even work for
VBScript syntax errors (as noted below), and there is no way to catch
server-side syntax errors in any language.
Disable script debugging on IE
In Internet Explorer, choose Internet Options from the Tools menu.
In the Internet Options dialog box, click the Advanced tab.
On the Advanced tab, under Browsing, clear Disable Script Debugging.
Click OK.

JavaScript ActiveXObject

I have a queastion about ActiveXObject in javascript. I have tryed this code in Mozila FireFox 6.0.2
var AXobj = new ActiveXObject("WScript.Shell");
AXobj.SendKeys(key);
But the error console says that ActiveXObject is undefined. After that, I have tryed this:
var AXobj = new DOMParser("WScript.Shell");
AXobj.SendKeys(key);
But then, the error console says:
Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "file:///C:/Documents%20and%20Settings/Guest/Desktop/stuff/html/GML%20to%20JS.html Line: 335"]
By the way, i don't want to use ActiveXObject only for SendKeys. I need it for more stuff (like writing in file... ) AND, the reason i use FireFox instead of IE is that FireFox supports HTML5.
ActiveX is a proprietary technology only supported by Microsoft...
It will only work in IE (thank goodness).
It also has some serious security concerns which is a big reason it was never adopted by other browser providers.
For this you can check if it is IE then do this otherwise
do that.
Like:
Function exampleFunction()
{
if ($.browser.msie) { /* IE */
//Your code
else {
//Your code
}
}
just a suggestion.

Testing for parent window protocol in Opera

I am trying to find out the protocol used by a parent window in a child window. If I use window.opener.location.protocol, it works in everything (IE8, FF3.5.5, Safari4.0.3, Chrome4) except Opera. In opera i get:
message: Security error: attempted to read protected variable 'protocol'
This used to work fine in Opera, but I guess they changed it. I am using Opera 10.10. Is there any way to test for the protocol, or even determine if the parent window is the same location and protocol as the child?
You should only get the error when the protocols are different.
In other words:
var isParentSecure;
try {
isParentSecure = window.opener.location.protocol === 'https';
catch(e) { isParentSecure = window.location.protocol !== 'https'; }
I haven't actually tested this.

Categories

Resources