G
Guest
I have the following arrangement working under Netscape 3 / Unix, IE6 /
Win and Konqueror / Linux, but NOT under Netscape 7 Unix or Mozilla
Linux (silently fails) nor under Netscape 4 Unix (fails with message
"access disallowed from scripts at XXXX to documents at another
domain").
1) I have a frameset http://host/PATH/pinco,html in whose HEAD I
define javascript functions like :
function changeItem(i,v) {
top.frames["UP"].document.myform.elements.value = v ;
}
2) the upper frame of the frameset contains a page
http://host/PATH/pincoform,html containing a form, whose
action is a java servlet http://host:8080/servlet/myStuff
the form contains a table of input areas
<td><input name="item01" size=3 maxlength=5 value=" "></td>
<td><input name="item02" size=3 maxlength=5 value="0"></td>
...
<td><input name="item10" size=3 maxlength=5 value="0"></td>
(contains also several checkboxes, radiobuttons etc.)
3) in one usage mode, the user enters a number in the first
input area, and clicks on a Load button. This calls the Java
servlet, which searches a mysql database for records where
acertaincolumn=number
4) the servlet writes into the lower frame. In the simplest case
(single entry match in the database), it writes some
javascript code and some HTML
<SCRIPT>
top.frames['UP'].document.myform.reset()
parent.changeItem(1,wishednumber)
parent.changeItem(2,areturnedvalue)
...
parent.changeItem(10,anothervalue)
</SCRIPT>
loading completed for source wishednumber
the result is to load into the cells of the form in the upper frame
the returned values (it also ticks some of the checkboxes /
radiobuttons)
5) I use javascript code generated by the Java servlet to modify the
form content, instead of generating the entire HTML code of the
upper frame from within the servlet, for simplicity and convenience
the same servlet can manage (WITHOUT modifications to the code) a
couple of different framesets and forms (e.g. http://host/PATH/pinco,html
and http://host/PATH/panco,html, http://host/PATH/pincoform,html and
http://host/PATH/pancoform,html)
All parametric peculiarities (mysql table name. number and name of
mysql columns) are in fact hardcoded as hidden fields
in the form, and I do not need to recompile the servlet if I change
something.
All this thing is intended for use by a small number of users (3-4)
however located in different places.
In the error message of Netscape 4 "access disallowed from scripts at
XXXX to documents at another domain", XXXX is the name of the java
servlet. Excepted the use of port 8080, the servlent is on the same
host as the web pages.
I gather (google) that the message refers to a security device to avoid
a "pirate" javascript modifying a form, but my intended usage is wished
and legitimate.
I can't find a way to disable this behaviour at "browser preferences"
level for Netscape 4, 7 and Mozilla (the browser which my correspondents
intend to use)
a) CAN one disable this behaviour at browser level ?
b) can it be bypassed otherwise ?
c) is the above diagnosis correct, or is there another problem
(e.g. timing ? ... in other cases I had a CGI [shell]
script updating the GIF loaded as image[xyz].src, and I noticed
that a delay at javascript level was required, of the sort
t=setTimeout('parent.ctrl.location.reload()',1500)
Win and Konqueror / Linux, but NOT under Netscape 7 Unix or Mozilla
Linux (silently fails) nor under Netscape 4 Unix (fails with message
"access disallowed from scripts at XXXX to documents at another
domain").
1) I have a frameset http://host/PATH/pinco,html in whose HEAD I
define javascript functions like :
function changeItem(i,v) {
top.frames["UP"].document.myform.elements.value = v ;
}
2) the upper frame of the frameset contains a page
http://host/PATH/pincoform,html containing a form, whose
action is a java servlet http://host:8080/servlet/myStuff
the form contains a table of input areas
<td><input name="item01" size=3 maxlength=5 value=" "></td>
<td><input name="item02" size=3 maxlength=5 value="0"></td>
...
<td><input name="item10" size=3 maxlength=5 value="0"></td>
(contains also several checkboxes, radiobuttons etc.)
3) in one usage mode, the user enters a number in the first
input area, and clicks on a Load button. This calls the Java
servlet, which searches a mysql database for records where
acertaincolumn=number
4) the servlet writes into the lower frame. In the simplest case
(single entry match in the database), it writes some
javascript code and some HTML
<SCRIPT>
top.frames['UP'].document.myform.reset()
parent.changeItem(1,wishednumber)
parent.changeItem(2,areturnedvalue)
...
parent.changeItem(10,anothervalue)
</SCRIPT>
loading completed for source wishednumber
the result is to load into the cells of the form in the upper frame
the returned values (it also ticks some of the checkboxes /
radiobuttons)
5) I use javascript code generated by the Java servlet to modify the
form content, instead of generating the entire HTML code of the
upper frame from within the servlet, for simplicity and convenience
the same servlet can manage (WITHOUT modifications to the code) a
couple of different framesets and forms (e.g. http://host/PATH/pinco,html
and http://host/PATH/panco,html, http://host/PATH/pincoform,html and
http://host/PATH/pancoform,html)
All parametric peculiarities (mysql table name. number and name of
mysql columns) are in fact hardcoded as hidden fields
in the form, and I do not need to recompile the servlet if I change
something.
All this thing is intended for use by a small number of users (3-4)
however located in different places.
In the error message of Netscape 4 "access disallowed from scripts at
XXXX to documents at another domain", XXXX is the name of the java
servlet. Excepted the use of port 8080, the servlent is on the same
host as the web pages.
I gather (google) that the message refers to a security device to avoid
a "pirate" javascript modifying a form, but my intended usage is wished
and legitimate.
I can't find a way to disable this behaviour at "browser preferences"
level for Netscape 4, 7 and Mozilla (the browser which my correspondents
intend to use)
a) CAN one disable this behaviour at browser level ?
b) can it be bypassed otherwise ?
c) is the above diagnosis correct, or is there another problem
(e.g. timing ? ... in other cases I had a CGI [shell]
script updating the GIF loaded as image[xyz].src, and I noticed
that a delay at javascript level was required, of the sort
t=setTimeout('parent.ctrl.location.reload()',1500)