You are here: irt.org | FAQ | JavaScript | NotABug | Q1079 [ previous next ]
Symptom: Trying to get the url or title of page loaded in the other frame results in many errors.
Affects: All browsers version 3 and up.
Reason: Access to all information about documents from other domains is restricted on purpose. Imagine someone setting up a page with stock information and links to your online stockexchange. Using hidden frames or tiny windows, a script could monitor links and keystrokes and perhaps grab sensitive information A more benign intrusion could be to monitor your browsing session, compiling information about your favorite sites and sell that info to ad agencies.
Workaround: Netscape will allow signed scripts to request access.
Here is an example of a request that needs signing if it is to run from the web:
<HTML>
<HEAD>
<SCRIPT>
function showUrl() {
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
alert(top.frames[1].location.href);
netscape.security.PrivilegeManager.disablePrivilege("UniversalBrowserRead");
}
</SCRIPT>
</HEAD>
<FRAMESET COLS="10%,*" onLoad="showUrl()">
<FRAME SRC="javascript:' '">
<FRAME SRC="http://www.netscape.com">
</FRAMESET>
</HTML> More info about signing can be found at http://developer.netscape.com/library/documentation/signedobj/signtool/index.htm