iframe - opening unintended page in IE - javascript

I have an Iframe like this:
<iframe src="http://microsoft.com"></iframe>
My script goes like this:
<script>
for (var i = 0; i < frames.length; i++) {
frames[i].location = "https://www.domain.com?parameter";
}
</script>
Problem:
The above code works fine in Firefox or any other browser but IE.
Actually the problem is that when the page is loaded the src of the iframe is changed using the script, and this src goes to the another domain and login. And if the user successfully logs in then the website returns a list of products which will be shown in the iframe. When I run in Firefox, passing the parameter for the src, the user successfully authenticates in the website and the list of products is shown, but this does not happen in IE. IE always shows only the login page. But when I open the same URL in a new window in IE, it works fine. How can I solve this?
Please keep in mind i am using https.

try this
It clashes less with the same origin security issue which prohibits you to interact with the framae/window using its attributes
<iframe name="frame1" src="http://microsoft.com"></iframe>
window.open("https://www.domain.com?parametr","frame1");

Related

SetTimeout Redirect Not Working with Firefox

I have been working with a page that redirects a user to either an installed application or a webpage (the fallback). This is called when the page first loads via ClientScript.RegisterStartupScript; the Javascript portion looks something like this:
<script type='text/javascript'>var a = window.location.search; setTimeout(function(){ window.location.pathname = '/Fallback.aspx'}, 500); window.location='myapp://open' + a;</script>
So far, this snippet always functions as expected in Google Chrome, redirecting the user to the Fallback page whenever the 'myapp://open' fails to open correctly within the given amount of time. In Internet Explorer, it only works when the timeout value is set to 100 or lower. My problem at this moment is Firefox, which fails to redirect correctly no matter what the timeout value is set to. (For Firefox, I have tried values of as little as 25 and as high as 2000.)
Does anyone know what the Firefox browser might do differently that would prevent it from redirecting, and if so, is there any known workaround for it?
Thank you very much in advance for your time and advice.
UPDATE: The exact error page I am getting from Firefox is titled "The address wasn't understood", with the description similar to the following: "Firefox doesn't know how to open this address, because the protocol (myapp) isn't associated with any program."
UPDATE: To test this, you can replace '/Fallback.aspx' in the code with 'www.google.com'. If this is tried in IE or Chrome, the browser will fail to open myapp://open and should redirect you to Google instead; this is the intended functionality since the application is not installed. However, in Firefox you will likely be left at the error page telling you the protocol is not recognized; it will fail to redirect to the fallback. I hope this helps, and I apologize for the original wording of my question.
I have found a few different ways to get around this for anyone who may stumble across this question with the same issue. =) The first is by using redirect code in code behind, singling out the Firefox browser which needs to be handled differently:
string userAgent = Request.ServerVariables["HTTP_USER_AGENT"];
if (userAgent.Contains("Firefox") && !userAgent.Contains("Seamonkey"))
{
ClientScript.RegisterStartupScript(this.GetType(), "checkForApp", "<script type='text/javascript'>var a = window.location.search; try { window.location.href='myapp://open' + a; } catch(e) { window.location.pathname = './Fallback'; }</script>"); //Firefox Only
}
else
{
ClientScript.RegisterStartupScript(this.GetType(), "checkForApp", "<script type='text/javascript'>var a = window.location.search; setTimeout(function(){ window.location.pathname = './Fallback.aspx'; }, 100); window.location.href='myapp://open' + a;</script>"); // IE & Chrome
}
Although it worked, I do not like this method because it examines the user agent. After this someone suggested to me that I should put an iframe on my fallback page to open the app and just direct everyone to the fallback page instead (which still opens, but if the app is installed, it should open too.) This works in most browsers but not Internet Explorer:
<iframe name="open_app" id="open_app" src="myapp://open" style="height: 1px; width: 1px; visibility:hidden;" ></iframe>
The method I finally decided to go with was an object tag on the fallback page. So far, this seems to work in most major browsers and tested successfully using Chrome, Firefox, Safari, and Internet Explorer. Using this, the fallback page is still opened in the user's browser, but the app will also be opened if it is installed.
<object data="myapp://open<%= Request.Url.Query %>"/>

communication between an iframe and the page its part of through javascript in ie8

I have seen many questions like this but have not found anything that seems to help with my specific situation so I apologize if this question seems repetitive.
I have a site www.foo.com and have an iframe in it. When information I click on an a tag in foo.com a javascript function is called that passes a new image to the iframe to show the user. The communication between iframe and its "parent" seems to work fine on all browsers EXCEPT RANDOM IE8 PAGES. I get the following error message "access is denied" and the browser points to the function that has been activated. Following is a piece of code from the site to see how it works.
the iframe:
<iframe scrolling="no" src="foo.com/bar" id="ifram" name="ifram"></iframe>
the a tag:
The javascript:
if($(this).val() == '242'){
document.getElementById('ifram').style.border='0px';
document.getElementById('ifram').style.background = "url('../product_images/uploaded_images/Flag.jpg')";
document.frames.ifram.document.body.style.backgroundColor="transparent";
This is just a snippet of a code and does not include the whole process of the ajax call to get the image but was not sure if the ajax is part of the issue. I get an undefined error in firefox but the function still fires . I am assuming I would just need to use window.frames for firefox.
Overall, any help on how to resolve this issue would be appreciated. I am wondering if there is a security issue that has to do with browser settings or if its part of how I coded.
Thanks in advance
It's important to note that if your iframe tag is on a page located at http://www.foo.com but the iframe points to http://foo.com it's considered a sandboxing violation and you'll get access denied. Make sure you're pointing to the same domain as your page is on. You can use relative URLs in the iFrame src tag, too, so you can change it to src="bar.php" (without any domain information).
You dont need to use document.frames before document.frames.ifram.document.body.style.backgroundColor = "#ccc";. Just ifram.document.body.style.backgroundColor = "#ccc"; will do.

chrome unable to get top.document after changing url

I am not using any plugins or frameworks.
I have some local help pages (which will not be hosted on a server), most of which need to be loaded into a frame. So, duringonload, I check if the page is in a frame or not:
top.document.location.href == document.location.href
and if this is true, and therefore the page is not in a frame, then I
top.document.location.href = "frame.html?info="+document.location.href;
Now, when frame.html?info=stuff.html loads, I can get the info parameter from:
`top.document` or `window.top.document`
and load that page into a frame as intended.
This all works as intended on Safari, IE9, and Opera. It does not work in Chrome. Instead, top.document and window.top.document are both undefined after frame.html is loaded.
How should I get the top URL and, more importantly, its parameters when I load frame.html?info=...
If it is helpful, I believe this behavior is because of this issue.

Dynamic iframe not loaded occasionally in Firefox

I have some JavaScript code that dynamically injects an iframe in a given HTML page. Unfortunately, in Firefox, and only in Firefox, although the iframe is created from time to time the relevant URL isn't loaded into it.
I know it wasn't loaded because the relevant URL doesn't appear in the Firebug Net tab, and when I inspect the iframe I don't see any expected HTML code in there (when the iframe is on the same domain as the outlying page). I don't see any JavaScript or network errors either.
Here's a code snippet, I've checked all the relevant variables are correct:
var iframe = document.createElement("iframe");
iframe.width = options["w"];
iframe.height = options["h"];
iframe.scrolling = "no";
iframe.marginWidth = 0;
iframe.marginHeight = 0;
iframe.frameBorder = 0;
iframe.style.borderWidth = 0;
if (node.childNodes.length > 0)
node.insertBefore(iframe, node.childNodes[0]);
else
node.appendChild(iframe);
iframe.contentWindow.location = iframeSrc + "?" + querystring;
Here's an example URL that is set for the iframe (the issue also recreates when the URL points to an external server, had to omit the 'http://' at the beginning otherwise I couldn't post the question):
127.0.0.1:8000/widget/iframe/index.html?style=slide-top-to-bottom&culture_code=en_us&c=26&sc=1324&title=Top%20News&caption=Top%20Stories&order=relevance&count=20&w=250&h=300&timestamp=true&scrollbar=false&theme=ui-lightness&className=8815455464592103&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fwidget%2Fbuilder%2Findex.html
Doing some research on the web, I found this unfixed Firefox bug which seems related to this issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=279048
After reading the bug, I tried several solutions none of which solved the issue:
Setting iframe.src instead of iframe.contentWindow.location
Adding a random parameter to the querystring
Adding the '#' symbol with a random number at the end of the URL
Giving the iframe a random name
Does anyone have a workaround for this annoying Firefox bug? Or is the issue I'm describing unrelated to the bug and has a different solution?
What happens if you add this to the bottom of your script?
iframe.contentWindow.location.reload(true);
Perhaps it will stop the need to reload in FF.
EDIT
Fixed the example
Solved the issue, I was looking in the wrong place. The HTML file where this dynamic iframe was loaded had an empty iframe tag that was removed from the DOM, after which the dynamic iframe was injected instead.
Apparently Firefox cached the last URL for this iframe, and loaded it immediately as the external page loaded. I know because I saw the relevant HTML file being loaded twice in the Firebug Net tab rather than once upon the injection.
After I got rid of this empty iframe tag and relied only on the injected iframe, everything started to work well and the issue didn't reproduce anymore. I guess Firefox didn't like handling this scenario, some kind of bug maybe?
Thanks anyway for helping me out, it gave me the inspiration for the right solution :)

Refresh iframe in javascript

I tried to run a line of code as the following:
document.getElementById('frame0').contentDocument.location.reload(true); to force iframe to refresh or reload but I got the error like "permission denied" in firefox. Does anyone know why? and help to offer a solution? Thanks!
It is probably because of crossdomain issues - looks like your iframes content is from another domain as your mainframe (from which you run your js code). FF is very restrictive concerning crossdomains.
You can't reload a document that comes from a different hostname, due to the Same origin policy, which applies in all browsers.
You would have to remove the iframe from the page and replace it with a new one:
var iframe= document.getElementById('frame0');
var newiframe= document.createElement('iframe');
newiframe.src= iframe.src;
iframe.parentNode.replaceChild(newiframe, iframe);
However this will load the original src of the <iframe>, which won't be the same as the current location if the user has navigated the page since.

Categories

Resources