document.domain "permission denied" issues with IE8 - javascript

I'm currently trying to load a page within a sub-domain, onto my main domain, using an iframe, and have the sub-domain call a javascript function (when dom-ready) within my main domain, so that the main domain can resize the iframe according to the height of the content.
Here's an example
www.mysite.com (code within page):
<script type="text/javascript">
document.domain = "mysite.com";
function doSomething() {
//do something
}
</script>
<iframe id="mytestid" src="test.mysite.com" height="0" width="900"></iframe>
And for my other site, test.mysite.com, here's the code within the page:
<script>
document.domain = "mysite.com";
$(document).ready(function () {
window.parent.doSomething();
});
</script>
This seems to work just fine for firefox, safari, and chrome, but not for IE8.
IE8 always gives me a "permission denied" error when making the call window.parent.doSomething()
I haven't been able to test on IE7 or IE6 to see if the problem persists, but has anyone encountered this problem? Have I missed something with the way I'm laying out the code?
Thanks for the help guys.

document.domain “permission denied” issues with IE8 SOLVED!!
just like other user said, just set a timeout of a couple o seconds after set document.domain where the iframe is on page, and then call your second page within the iframe.
you need to set the SRC value of your iframe, a couple of seconds after you set document.domain on IE8 and it will work..

Here's a thread with a lot of comments about a few possible problems:
http://waelchatila.com/2007/10/31/1193851500000.html
Note that I did not test this, as I don't have IE. Unfortunately, neither seem to convincing from my perspective - try it and see if it works for you.
So, from the above post, it seems there are two possible causes:
The post alleges IE requires all documents to have the same domain. If you have more documents (iframes and such), try removing them and testing with just these two (main and iframe)
See the last comment in the post - it might just be a race condition. Try putting it in a setTimeout with a few seconds of waiting after both pages have set document.domain to the same value

I ran in the same issue and using a timeout didn't solve the issue.
As I had another site with similar settings where all was working fine, I opened both windows side by side and noticed in the status bar at the bottom that one was under "Local Intranet" while the other was under "Trusted Sites".
This led me to another point to check : make sure that both sub-domains appear in the same Security Zone in IE's Internet Security Properties ! If they don't, then you'll have a "Permission denied" error.

Related

Javascript error: window.parent.frames[0].getElementById - works fine on first load then fail

I have a page that has multiple iframes in it:
parent
|___iframe1
|___iframe2
|___iframe3
iframe1 has a form with some hidden values. I need ( at least ) one of those values on iframe2
Here's my code
<script type="text/javascript">
alert(parent.frames[0].document.getElementById("UserID").value);
</script>
The first time the site loads, this page works fine. I get my testing popup. iframe1 is a bunch of tabs that reload iframe2. When the user ends up navigating back to the tab that includes my script I get a null reference for parent.frames[0].
I'm pulling my hair out trying to fix this and would appreciate any assistance.
I can get this to replicate 100% of the time in Firefox & IE. With Chrome & Safari it's less so. Not in that the value is null less often, but MORE often than not the information is not accessible and I'm just not sure what I'm doing wrong.
Edit for ease of visibility: These frames are ALL on the same domain, same protocol & port.
While I AM implementing the use of easyXDM so that I can pass some data to another site, I have this issue if I include easyXDM or not.
Thanks!
It looks like it's due to the onLoad as suggested by ddr2. If you post this as an answer I'll be happy to flag it as the proper one.
I'm kinda bummed I didn't think of that :(

communication between an iframe and the page its part of through javascript in ie8

I have seen many questions like this but have not found anything that seems to help with my specific situation so I apologize if this question seems repetitive.
I have a site www.foo.com and have an iframe in it. When information I click on an a tag in foo.com a javascript function is called that passes a new image to the iframe to show the user. The communication between iframe and its "parent" seems to work fine on all browsers EXCEPT RANDOM IE8 PAGES. I get the following error message "access is denied" and the browser points to the function that has been activated. Following is a piece of code from the site to see how it works.
the iframe:
<iframe scrolling="no" src="foo.com/bar" id="ifram" name="ifram"></iframe>
the a tag:
The javascript:
if($(this).val() == '242'){
document.getElementById('ifram').style.border='0px';
document.getElementById('ifram').style.background = "url('../product_images/uploaded_images/Flag.jpg')";
document.frames.ifram.document.body.style.backgroundColor="transparent";
This is just a snippet of a code and does not include the whole process of the ajax call to get the image but was not sure if the ajax is part of the issue. I get an undefined error in firefox but the function still fires . I am assuming I would just need to use window.frames for firefox.
Overall, any help on how to resolve this issue would be appreciated. I am wondering if there is a security issue that has to do with browser settings or if its part of how I coded.
Thanks in advance
It's important to note that if your iframe tag is on a page located at http://www.foo.com but the iframe points to http://foo.com it's considered a sandboxing violation and you'll get access denied. Make sure you're pointing to the same domain as your page is on. You can use relative URLs in the iFrame src tag, too, so you can change it to src="bar.php" (without any domain information).
You dont need to use document.frames before document.frames.ifram.document.body.style.backgroundColor = "#ccc";. Just ifram.document.body.style.backgroundColor = "#ccc"; will do.

chrome unable to get top.document after changing url

I am not using any plugins or frameworks.
I have some local help pages (which will not be hosted on a server), most of which need to be loaded into a frame. So, duringonload, I check if the page is in a frame or not:
top.document.location.href == document.location.href
and if this is true, and therefore the page is not in a frame, then I
top.document.location.href = "frame.html?info="+document.location.href;
Now, when frame.html?info=stuff.html loads, I can get the info parameter from:
`top.document` or `window.top.document`
and load that page into a frame as intended.
This all works as intended on Safari, IE9, and Opera. It does not work in Chrome. Instead, top.document and window.top.document are both undefined after frame.html is loaded.
How should I get the top URL and, more importantly, its parameters when I load frame.html?info=...
If it is helpful, I believe this behavior is because of this issue.

Why does this document.write iframe ads code completely break Internet Explorer?

So, I'm trying to find an answer to why this problem is happening; I've fixed the problem, but I want to know why it happened.
TL;DR
Google-provided conversion tracking code that injected an iframe using document.write suddenly caused the page to cease to execute in all versions of Internet Explorer, but was remedied by injecting the same iframe using a non-document.write method.
The Story:
Doubleclick is an advertising network that provides a JavaScript snippet to track conversions from ads.
The snippet they give looks like this:
<SCRIPT language="JavaScript">
var axel = Math.random()+"";
var a = axel * 10000000000000;
document.write('<IFRAME SRC="https://fls.doubleclick.net/activityi;src=143;type=donat01;cat=indir4;ord=1;num='+ a + '?" WIDTH=10 HEIGHT=10 FRAMEBORDER=0></IFRAME>');
</SCRIPT>
<NOSCRIPT>
<IFRAME SRC="https://fls.doubleclick.net/activityi;src=143;type=donat01;cat=indir4;ord=1;num=1?"
WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
</NOSCRIPT>
Now, I know that, for all sorts of reasons, document.write is hazardous and should be avoided. But, Google is giving me this code, so, I figured I could trust it.
It suddenly started breaking all of our pages for all users using Internet Explorer. As in, the page would stop rendering entirely once it hit the document.write. This was crazy: One of the largest third party advertisers on the internet had given me JavaScript that had LITERALLY broken my purchase pages for 25% of my traffic!
As triage, I quickly substituted in the same code using the injection technique found in Google Analytics:
var iframe = document.createElement('iframe');
iframe.src = //the URL;
iframe.width = 0;
iframe.height = 0;
iframe.frameborder = 0;
var ref = document.getElementsByTagName('script')[0];
ref.parentNode.insertBefore(iframe, ref);
This resolved the problem, without actually explaining:
Why does a nearly empty iframe, injected using document.write, break Internet Explorer, but this method above doesn't?
I've solved the problem; it turns out that it had nothing to do with the contents of the <iframe>.
It turns out the page is served by a framework that began using a backend DOM parser that, for reasons likely related to the presence of </ within a <script> tag within the document.write, completely removes the </iframe> closing tag from the generated page, even though it preserves it in the backend. (It's probably trying to enforce ETAGO rules).
The reason I was able to reproduce it was because I was copying the generated document.write code, not the original code, and never noticed the missing </iframe>. (And my "functioning" document.write code didn't have the stripped out </iframe> tag, leading me to believe that the problem was the contents of the iframe.)
As a result, browsers parsed an unclosed <iframe> tag on the page, which Internet Explorer didn't know how to handle, and died part way through the parsing of the iframe (I'm still not totally sure why).
document.write() blocks further page rendering until it finishes. I assume that the remote script was taking a while to load, and thus blocking the rest of the page from loading.
I also assume that Math.Random() function doesn't help matters.
Also...Google's tracking codes scare me...they tend to be ugly hacks of javascript.
There is 2 reasons why the first method should be slow.
document.write() blocks until it is actually performed
the window’s onload event doesn’t fire until all its iframes, and all the resources in these iframes, have fully loaded
Your solution works because the iframe it creates does not request the remote url until after the onload event. Having a set timeout on the first code, you would also get the page to load, then the request to the remote url to fire.
As to why the change of code broke the site, I can not seem to find any speed differences transferring between the two. Maybe it seemed faster because it was cached.
I don't know about the structure of your site, but normally the first script tag is in the <head>. An iframe in the <head> wouldn't be rendered. I'll wager if you did document.body.getElementsByTagName('script')[0] you would probably have similar issues to the one you described above.
Seems you're having a similar problem that I had several months back. The document.write triggers, and overwrites the page. Just use the iframe directly, and everything should be kosher.
I tried replicating your issue but couldn't on IE9.
Either I don't have the right test setup or it seems IE prior to IE 9 had some bug. Firefox had a simialr bug: https://bugzilla.mozilla.org/show_bug.cgi?id=293633
Maybe its a combination of unclosed iframe and something inside the page that's being rendered.

Refresh iframe in javascript

I tried to run a line of code as the following:
document.getElementById('frame0').contentDocument.location.reload(true); to force iframe to refresh or reload but I got the error like "permission denied" in firefox. Does anyone know why? and help to offer a solution? Thanks!
It is probably because of crossdomain issues - looks like your iframes content is from another domain as your mainframe (from which you run your js code). FF is very restrictive concerning crossdomains.
You can't reload a document that comes from a different hostname, due to the Same origin policy, which applies in all browsers.
You would have to remove the iframe from the page and replace it with a new one:
var iframe= document.getElementById('frame0');
var newiframe= document.createElement('iframe');
newiframe.src= iframe.src;
iframe.parentNode.replaceChild(newiframe, iframe);
However this will load the original src of the <iframe>, which won't be the same as the current location if the user has navigated the page since.

Categories

Resources