cross domain scripting problem in IE6 (not IE7)

[codefragment]

Hi
We have a website that has just had some SSL changes made to it.
Specifically the iframe src was changed to 'javascript:new String("")'
as about:blank prompts a message about "mixed content on pages'

Now we get a message "Access is denied" when accessing anything in an
iframe using
TopDocument().frames["iframe_theID']

TopDocument() is top.window.document (I think its the equivilent)

This is in IE6, this same code works in IE7. This is also only off one
machine, when installed on another machine it seems to work. Begs the
question what happens when it goes to customers (yes, some still have
IE6)

Any ideas?

 

[Joost Diepenmaat]

Hi
We have a website that has just had some SSL changes made to it.
Specifically the iframe src was changed to 'javascript:new String("")'
as about:blank prompts a message about "mixed content on pages'
Ugh.

Now we get a message "Access is denied" when accessing anything in an
iframe using
TopDocument().frames["iframe_theID']

TopDocument() is top.window.document (I think its the equivilent)

It's probably not.

This is in IE6, this same code works in IE7. This is also only off one
machine, when installed on another machine it seems to work. Begs the
question what happens when it goes to customers (yes, some still have
IE6)

Any particular reason you don't initialize the iframe with a blank page
hosted on the same server as the rest of the page?

 

[codefragment]

Hi
  We have a website that has just had some SSL changes made to it.
Specifically the iframe src was changed to 'javascript:new String("")'
as about:blank prompts a message about "mixed content on pages'
Ugh.

Now we get a message "Access is denied" when accessing anything in an
iframe using
TopDocument().frames["iframe_theID']

TopDocument() is top.window.document (I think its the equivilent)

It's probably not.

This is in IE6, this same code works in IE7. This is also only off one
machine, when installed on another machine it seems to work. Begs the
question what happens when it goes to customers (yes, some still have
IE6)

Any particular reason you don't initialize the iframe with a blank page
hosted on the same server as the rest of the page?

Assuming I have a blank page at the root of my website/virtual
directory, I don't know how my website has been deployed, and the
iframe is being created from some nested url do you have some example
javascript?

 

[Joost Diepenmaat]

Ugh.

[ ... ]
Assuming I have a blank page at the root of my website/virtual
directory, I don't know how my website has been deployed, and the
iframe is being created from some nested url do you have some example
javascript?

Assuming your initial html file is in the same "directory":

<iframe src="blank_page.html"></iframe>

 

[codefragment]

Assuming I have a blank page at the root of my website/virtual

Assuming your initial html file is in the same "directory":

<iframe src="blank_page.html"></iframe>

It won't be in the majority of cases, i.e. we use lots of iframes on
many different pages for various reasons. The problem I have is that
the url for my site might be
http://machine:port/Base (website)

or

http://machine:port/vdname/Base (virtual directory)

location only seems to give you address up to the port while vdname
(virtual directory name) is unknown.

Also the webpages (70+) are all in various folders so the iframe is
likely to be on a page somewhere in a folder but not at the root. I
don't want to put blank.html files in every folder.

This is asp.net so I can use that to get the url but I -believe- (may
not be true) that the folder asp.net shows you may not be the real
one, due to some kind of mapping?

thanks for the reply