fredhart
asked on
Security error with JavaScript in Firefox browser
I like to know why a JavaScript program that works fine in IE6.0 does not behave right in the FireFox browser.
If the forward, backward or 'reload current page' button in the FireFox browser is pressed,
the JavaScript events (on Mouseover for instance) does not work anymore
and the pictures vanish.
The JavaScript Console says:
Security Error: Content at wyciwyg ://0/file:///.../index.htm l may not
load or link to file:///.../index.html
and:
error: uncaught exception: Permission denied to get property HTMLDocument.clear
Below are some parts that show the way I programmed it:
Referencing the 'uncaught error', as you see 'doc.clear' is called in the function DrawTree():
1) In 'index.html':
<head>
<script src="menu.js"></script>
</head>
<frameset cols="235,*" onLoad='top.initializeTree ()'>
<frame src="./treeframe.html" name="treeframe">
<frame src="./content.html" name ="content">
</frameset>
2) In 'menu.js':
var doc=""
function DrawTree()
{ doc.clear()
doc.writeln("<html><body bgcolor='white'>",
"<table border=0 cellspacing=0 cellpadding=0>")
treeindex = 0
lastarr[0] = true
tree[lasttreeindex][5] = true
tree[0][5] = true
tree[0][4] = true
DrawSubTree(0)
doc.writeln("</table></bod y></html>" )
doc.close()
}
function initializeTree()
{ menu()
lasttreeindex = treeindex
DetectLast()
treeindex = 0
doc = parent.treeframe.window.do cument
DrawTree()
}
If the forward, backward or 'reload current page' button in the FireFox browser is pressed,
the JavaScript events (on Mouseover for instance) does not work anymore
and the pictures vanish.
The JavaScript Console says:
Security Error: Content at wyciwyg ://0/file:///.../index.htm
load or link to file:///.../index.html
and:
error: uncaught exception: Permission denied to get property HTMLDocument.clear
Below are some parts that show the way I programmed it:
Referencing the 'uncaught error', as you see 'doc.clear' is called in the function DrawTree():
1) In 'index.html':
<head>
<script src="menu.js"></script>
</head>
<frameset cols="235,*" onLoad='top.initializeTree
<frame src="./treeframe.html" name="treeframe">
<frame src="./content.html" name ="content">
</frameset>
2) In 'menu.js':
var doc=""
function DrawTree()
{ doc.clear()
doc.writeln("<html><body bgcolor='white'>",
"<table border=0 cellspacing=0 cellpadding=0>")
treeindex = 0
lastarr[0] = true
tree[lasttreeindex][5] = true
tree[0][5] = true
tree[0][4] = true
DrawSubTree(0)
doc.writeln("</table></bod
doc.close()
}
function initializeTree()
{ menu()
lasttreeindex = treeindex
DetectLast()
treeindex = 0
doc = parent.treeframe.window.do
DrawTree()
}
clear is not needed since a write after a close or a load will clear the page anyway.
ASKER
Hello mplungjan,
I tried that (removing doc.clear) and it still works, but it is not the essence.
Than the error message is: permission denied for the next statement,
in this case: doc.writeln(...)
I suppose that there must be something to make the script accessable
for acting on the document.
I tried that (removing doc.clear) and it still works, but it is not the essence.
Than the error message is: permission denied for the next statement,
in this case: doc.writeln(...)
I suppose that there must be something to make the script accessable
for acting on the document.
Perhaps you should try
onLoad="setTimeout('top.in itializeTr ee()',1000 )">
onLoad="setTimeout('top.in
ASKER
I changed it this way now:
<head>
<script src="http://213.10.139.37/menu.js"></script>
</head>
<frameset cols="235,*" onLoad="setTimeout('top.in itializeTr ee()',1000 )">
<frame src="http://213.10.139.37/treeframe.html" name="treeframe">
<frame src="http://213.10.139.37/content.html" name ="content">
</frameset>
If you type in the firefox browser this address: 213.10.139.37 you can see what happens.
1) click on the folder to open the tree
2) click on the reload button, and the tree vanish
3) click on the backward button and it vanishes as well
4) click many times on the backward button until a previous site is showing up and then again
clicking the forward button, and it works again.
<head>
<script src="http://213.10.139.37/menu.js"></script>
</head>
<frameset cols="235,*" onLoad="setTimeout('top.in
<frame src="http://213.10.139.37/treeframe.html" name="treeframe">
<frame src="http://213.10.139.37/content.html" name ="content">
</frameset>
If you type in the firefox browser this address: 213.10.139.37 you can see what happens.
1) click on the folder to open the tree
2) click on the reload button, and the tree vanish
3) click on the backward button and it vanishes as well
4) click many times on the backward button until a previous site is showing up and then again
clicking the forward button, and it works again.
ASKER
I have to add the next line to my previous comment:
opening at the server is as above, from an other computer de tree shows no reactions.
opening at the server is as above, from an other computer de tree shows no reactions.
ASKER
Adding again: if I change the file as follows (using JavaScript1.2 and removing the setTimeout)
than the reload button in the firefox browser reacts normal.
But the forward and backward button behave wrong.
<HTML>
<HEAD>
<title>Tree</title>
<META HTTP-EQUIV="Tree" CONTENT="no-cache">
<script language="JavaScript1.2" src="http://213.10.139.37/menu.js"></script>
</HEAD>
<FRAMESET cols="235,*" onLoad="top.initializeTree ()">
<FRAME src="http://213.10.139.37/treeframe.html" name="treeframe">
<FRAME SRC="http://213.10.139.37/home.html" name="home">
</FRAMESET>
</HTML>
than the reload button in the firefox browser reacts normal.
But the forward and backward button behave wrong.
<HTML>
<HEAD>
<title>Tree</title>
<META HTTP-EQUIV="Tree" CONTENT="no-cache">
<script language="JavaScript1.2" src="http://213.10.139.37/menu.js"></script>
</HEAD>
<FRAMESET cols="235,*" onLoad="top.initializeTree
<FRAME src="http://213.10.139.37/treeframe.html" name="treeframe">
<FRAME SRC="http://213.10.139.37/home.html" name="home">
</FRAMESET>
</HTML>
and if you remove all the http://213.10.139.37 ???
Ohhhh change
<a href='javascript:top.Close SubTree(1) '
to
<a href='#' onClick='top.CloseSubTree( 1); return false'
Michel
<a href='javascript:top.Close
to
<a href='#' onClick='top.CloseSubTree(
Michel
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Michel,
I changed the href and the security error is solved, you made me happy.
Probably you can see that I do my first steps in JavaScript.
But I have still minor problems:
1) windows and IE: reload button works : the tree behaves normal
back button: first click on a folder does nothing, second click does the job
2) windows and Firefox: reload button, backward button forward button: and than click a folder initialises the tree
3) Linux user and Firefox: reload button, backward and forward button: all pictures of the tree vanish.
4) Linux Apache server as root, and Firefox: all works fine.
I suppose that it has something to do with initialising at reload.
Because I have no statements for initialising at reloading,
each different system is free to make his own decision at reload.
What shall I do? Closing this topic and give you the 50's and start a new question about this, or
shall I go on and increase the Point value to 100?
regards Fred
I changed the href and the security error is solved, you made me happy.
Probably you can see that I do my first steps in JavaScript.
But I have still minor problems:
1) windows and IE: reload button works : the tree behaves normal
back button: first click on a folder does nothing, second click does the job
2) windows and Firefox: reload button, backward button forward button: and than click a folder initialises the tree
3) Linux user and Firefox: reload button, backward and forward button: all pictures of the tree vanish.
4) Linux Apache server as root, and Firefox: all works fine.
I suppose that it has something to do with initialising at reload.
Because I have no statements for initialising at reloading,
each different system is free to make his own decision at reload.
What shall I do? Closing this topic and give you the 50's and start a new question about this, or
shall I go on and increase the Point value to 100?
regards Fred
I have enough points...
I would set a cookie and read it at load
Michel
I would set a cookie and read it at load
Michel
ASKER
To Michel,
It took me a moment before I understood that
not you, but I had to set a cookie and read it at load.
I have tried it, and I did some research.
The backward and forward button never forces a reload,
it allways does a read from the cash, thus a loss
of the .gif files used in the menu-tree is possible.
I have tried the next meta's:
<meta http-equiv="cache-control" content="max-age=0">
<meta http-equiv="cache-control" content="must-revalidate">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="refresh" content="-1">
but all computer systems react different on those statements.
It is not for sure that caching will not occur.
Because this is client-side JavaScript I believe there is no solution.
Maybe I have to rewrite the program in the trusty Perl to be on server-side
( I hope I am not using bad language).
I like to hear your opinion about this stuff.
groet Fred.
It took me a moment before I understood that
not you, but I had to set a cookie and read it at load.
I have tried it, and I did some research.
The backward and forward button never forces a reload,
it allways does a read from the cash, thus a loss
of the .gif files used in the menu-tree is possible.
I have tried the next meta's:
<meta http-equiv="cache-control"
<meta http-equiv="cache-control"
<meta http-equiv="cache-control"
<meta http-equiv="refresh" content="-1">
but all computer systems react different on those statements.
It is not for sure that caching will not occur.
Because this is client-side JavaScript I believe there is no solution.
Maybe I have to rewrite the program in the trusty Perl to be on server-side
( I hope I am not using bad language).
I like to hear your opinion about this stuff.
groet Fred.
Not a reload, but the script will execute if it is told to by the cookie.
Try alerting the cookie onLoad
Try alerting the cookie onLoad
ASKER
Adding to my previous comment:
The reason why I believe there is no solution:
For security reasons Mozilla browsers accept only JavaScript
from the original site, thus reading from the cash is out of the question.
The backward en forward buttons force a read from the cash.
So we have an unsolvable contradiction.
If ( what I said ) { this is the end of the story} else { I can go on} ;
The reason why I believe there is no solution:
For security reasons Mozilla browsers accept only JavaScript
from the original site, thus reading from the cash is out of the question.
The backward en forward buttons force a read from the cash.
So we have an unsolvable contradiction.
If ( what I said ) { this is the end of the story} else { I can go on} ;
ASKER
Tomorrow I go on with your latest remark.
I would be surprised if that was true... It is up to firefox to make sure that scripts read from cache are safe to re-execute.
There is something else happening...
There is something else happening...
ASKER
I show you why I made that conclusion:
see: http://www.mozilla.org/projects/security/components/same-origin.html
quote:
--------------------------
The Same Origin Policy
The same origin policy prevents document or script loaded from one origin from getting or setting properties of a document from a different origin. The policy dates from Netscape Navigator 2.0.
--------------------------
The treeframe.html is dynamical an local written by menu.js.
The essential question is: what is the origin of treeframe.html?
I suppose that the Mozilla browsers take the original site for a dynamical written script
Maybe it is possible to change the domain with the statement: document.domain="file://" or something like that
You wrote (03/19/2005 01:48AM CET)
"Not a reload, but the script will execute if it is told to by the cookie.
Try alerting the cookie onLoad"
I like to do that, but I don't know how:
Because I think that:
1) It will be executed local, thus from the wrong domain,n so you can't get the cookie property
2) The backward button does not do a reload, so the event "onLoad" shall not trigger.
ASKER
adding to previous comment:
About document.domain="..." does not work because it is about an other domain
(see again article: The Same Origin Policy)
About document.domain="..." does not work because it is about an other domain
(see again article: The Same Origin Policy)
ASKER
Michel,
I am sorry being so boring,
I have tested the forward and backward button and I saw (with alert) that they fire
the onLoad and onUnload event in the combination: Linux, FireFox.
So I have to find a way to do: onLoad(' load again from the original site')
I don't understand what you mean with: ' alerting the cookie onLoad'
Please give me a clou?
I am sorry being so boring,
I have tested the forward and backward button and I saw (with alert) that they fire
the onLoad and onUnload event in the combination: Linux, FireFox.
So I have to find a way to do: onLoad(' load again from the original site')
I don't understand what you mean with: ' alerting the cookie onLoad'
Please give me a clou?
<html>
<head>
<script>
alert('Before:'+document.c ookie)
docuent.cookie='loaded=tru e'
</script>
</head>
<body onLoad="alert('After:' + document.cookie)">
Did it show?
</body>
<html>
<head>
<script>
alert('Before:'+document.c
docuent.cookie='loaded=tru
</script>
</head>
<body onLoad="alert('After:' + document.cookie)">
Did it show?
</body>
<html>
ASKER
This is how I used your proposal, if you try it with the combination: 'Linux,Firefox'
you will see the picture vanishing. (213.10.139.37 , I will let it stay for a while)
index.html:
<HTML>
<HEAD>
<script language="JavaScript1.2" src="./menu2.js"></script>
</HEAD>
<FRAMESET cols="235,*" onLoad="setTimeout('top.in itializeTh is()',1000 )">
<FRAME src="./treeframe.html" name="treeframe">
<FRAME src="./home.html" name="home">
</FRAMESET>
</HTML>
menu2.js:
function writeShowCookieOnload()
{
var folder= "'./roodlamp.gif'"
doc.clear()
doc.writeln("<html>")
doc.writeln(" <head>")
doc.writeln(" <script>")
doc.writeln(" alert('Before:'+document.c ookie)")
doc.writeln(" document.cookie='loaded=tr ue'")
doc.writeln(" </script>")
doc.writeln(" </head>")
doc.writeln(" <body onLoad=\"alert('After:' + document.cookie)\">")
doc.writeln(" Did it show the alert?")
doc.writeln("<br><img src=", folder, " width=24 height=22 border=0>",
"and does it show this red lamp picture?")
doc.writeln(" </body>")
doc.writeln("<html>")
doc.close()
}
function initializeThis()
{ doc = top.treeframe.window.docum ent
writeShowCookieOnload()
}
you will see the picture vanishing. (213.10.139.37 , I will let it stay for a while)
index.html:
<HTML>
<HEAD>
<script language="JavaScript1.2" src="./menu2.js"></script>
</HEAD>
<FRAMESET cols="235,*" onLoad="setTimeout('top.in
<FRAME src="./treeframe.html" name="treeframe">
<FRAME src="./home.html" name="home">
</FRAMESET>
</HTML>
menu2.js:
function writeShowCookieOnload()
{
var folder= "'./roodlamp.gif'"
doc.clear()
doc.writeln("<html>")
doc.writeln(" <head>")
doc.writeln(" <script>")
doc.writeln(" alert('Before:'+document.c
doc.writeln(" document.cookie='loaded=tr
doc.writeln(" </script>")
doc.writeln(" </head>")
doc.writeln(" <body onLoad=\"alert('After:' + document.cookie)\">")
doc.writeln(" Did it show the alert?")
doc.writeln("<br><img src=", folder, " width=24 height=22 border=0>",
"and does it show this red lamp picture?")
doc.writeln(" </body>")
doc.writeln("<html>")
doc.close()
}
function initializeThis()
{ doc = top.treeframe.window.docum
writeShowCookieOnload()
}
Ok, I have no problem with FF1.01 on win2k so perhaps it is a linux thing
ASKER
Yes I know,
I told you already in: Date: 03/18/2005 02:01PM CET
In Dutch they say: "Waar geen weg is, is een omweg"
Do we have to wait for a Linux update in this case?
Lets make it recursive go to: Date: 03/19/2005 02:01AM CET
I wait for your last remark and then we can end this topic, ok?
I told you already in: Date: 03/18/2005 02:01PM CET
In Dutch they say: "Waar geen weg is, is een omweg"
Do we have to wait for a Linux update in this case?
Lets make it recursive go to: Date: 03/19/2005 02:01AM CET
I wait for your last remark and then we can end this topic, ok?
File a bug at bugzilla.
Ik ken verder geen omweg hier. Sorry.
Ik ken verder geen omweg hier. Sorry.
ASKER
Thanks Michell
You helped me a lot.
The bug is filed at bugzilla, nr:151699
Accepted answere: Date: 03/18/2005 07:11AM CET
We can close the subject.
You helped me a lot.
The bug is filed at bugzilla, nr:151699
Accepted answere: Date: 03/18/2005 07:11AM CET
We can close the subject.
ASKER
PS for Michel:
In your Member Profile: "I accept elance requests", I suppose it has to be "I accept freelance requests".
In your Member Profile: "I accept elance requests", I suppose it has to be "I accept freelance requests".
nope.
Freelance via email = elance
Freelance via email = elance
ASKER
Ok, did not know that abbrev, cu.
ASKER
Michel,
I have found the solution.
Because you can help other people with this stuff, I felt obliged to send it to you.
What I experienced is:
In the Mozilla browsers Javascript does not solve forward references.
So forward references are not allowed.
This setup will do:
-------------------------- ---------- --------
<html>
<head></head>
<body onLoad="this.initialize() ; return true">
<iframe height="400" width="180" id = "imenuframe" name = "imenuframe">
</iframe>
<script language="javascript" type="text/javascript">
// <!--
// Put here the javascript program
var doc = imenuframe.document // reference to the iframe, no forwarding anymore
. . .
// Suppose the main function is named: initialize
function initialize(){}
initialize()
// -->
</script>
</body>
</html>
-------------------------- ---------- ---------- --
regards Fred.
I have found the solution.
Because you can help other people with this stuff, I felt obliged to send it to you.
What I experienced is:
In the Mozilla browsers Javascript does not solve forward references.
So forward references are not allowed.
This setup will do:
--------------------------
<html>
<head></head>
<body onLoad="this.initialize() ; return true">
<iframe height="400" width="180" id = "imenuframe" name = "imenuframe">
</iframe>
<script language="javascript" type="text/javascript">
// <!--
// Put here the javascript program
var doc = imenuframe.document // reference to the iframe, no forwarding anymore
. . .
// Suppose the main function is named: initialize
function initialize(){}
initialize()
// -->
</script>
</body>
</html>
--------------------------
regards Fred.
Ok, thanks. Hard to actually realize there WAS a forward reference in the code
ASKER
Michel,
At last:
JavaScript has a solution for solving forward references, you have to use 'defer'.
The solution is unbelievable simple and I can use my original script again.
<head>
<script src='menu.js' defer></script>
</head>
At last:
JavaScript has a solution for solving forward references, you have to use 'defer'.
The solution is unbelievable simple and I can use my original script again.
<head>
<script src='menu.js' defer></script>
</head>
Okeee, that is an old attribute I did not know still existed. Never had to use it..
Great you can use it
Great you can use it