?
Solved

Security error with JavaScript in Firefox browser

Posted on 2005-03-17
32
Medium Priority
?
1,004 Views
Last Modified: 2008-03-10
I like to know why a  JavaScript program that works fine in IE6.0 does not behave right in the FireFox browser.
If  the forward, backward  or  'reload current page' button in the  FireFox browser  is pressed,
the JavaScript events (on Mouseover for instance) does not work anymore
and the pictures vanish.

The JavaScript Console says:
Security Error: Content at wyciwyg ://0/file:///.../index.html may not
load or link to file:///.../index.html
and:
error: uncaught exception: Permission denied to get property HTMLDocument.clear

Below are some  parts that show the way I programmed it:
Referencing the 'uncaught error', as you see 'doc.clear' is called in the function DrawTree():
1)  In 'index.html':
<head>
  <script src="menu.js"></script>
</head>
<frameset cols="235,*"  onLoad='top.initializeTree()'>
   <frame src="./treeframe.html" name="treeframe">
   <frame src="./content.html" name ="content">
</frameset>

2)  In 'menu.js':
var doc=""
function DrawTree()
{      doc.clear()
      doc.writeln("<html><body bgcolor='white'>",    
            "<table border=0 cellspacing=0 cellpadding=0>")
      treeindex = 0
      lastarr[0] = true      

      tree[lasttreeindex][5] = true
      tree[0][5] = true
      tree[0][4] = true
      DrawSubTree(0)
      doc.writeln("</table></body></html>")
      doc.close()
}

function initializeTree()
{      menu()
      lasttreeindex = treeindex
      DetectLast()      
      treeindex = 0
      doc = parent.treeframe.window.document
      DrawTree()
}
0
Comment
Question by:fredhart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 18
  • 14
32 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13567359
clear is not needed since a write after a close or a load will clear the page anyway.
0
 

Author Comment

by:fredhart
ID: 13569070
Hello mplungjan,

 I tried that (removing doc.clear) and it still works, but it is not the essence.
Than the error message is:  permission denied for the next statement,
in this case: doc.writeln(...)

I suppose that there must be something to make the script accessable
for acting on the document.

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13570158
Perhaps you should try

  onLoad="setTimeout('top.initializeTree()',1000)">
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:fredhart
ID: 13570592
I changed it this way now:

<head>
  <script src="http://213.10.139.37/menu.js"></script>
</head>
<frameset cols="235,*"  onLoad="setTimeout('top.initializeTree()',1000)">
   <frame src="http://213.10.139.37/treeframe.html" name="treeframe">
   <frame src="http://213.10.139.37/content.html" name ="content">
</frameset>

If you type in the firefox browser this address: 213.10.139.37  you can see what happens.

1) click on the folder to open the tree
2) click on the reload button, and the tree vanish
3) click on the backward button and it vanishes as well
4) click many times on the backward button until a previous site is showing up and then again
    clicking the forward button, and it works again.
0
 

Author Comment

by:fredhart
ID: 13570660
I have to add the next line to my previous comment:
 opening at the server is as above, from an other computer de tree shows no reactions.
0
 

Author Comment

by:fredhart
ID: 13570783
Adding again: if  I change the file as follows (using JavaScript1.2 and removing the setTimeout)
than the reload button in the firefox browser reacts normal.
But the forward and backward button behave wrong.
<HTML>
<HEAD>
      <title>Tree</title>
      <META HTTP-EQUIV="Tree" CONTENT="no-cache">
      <script language="JavaScript1.2" src="http://213.10.139.37/menu.js"></script>
</HEAD>
<FRAMESET cols="235,*" onLoad="top.initializeTree()">  
        <FRAME src="http://213.10.139.37/treeframe.html" name="treeframe">
        <FRAME SRC="http://213.10.139.37/home.html" name="home">
</FRAMESET>
</HTML>
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13572042
and if you remove all the http://213.10.139.37 ???
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13572048
Ohhhh change

<a href='javascript:top.CloseSubTree(1)'

to

<a href='#' onClick='top.CloseSubTree(1); return false'

 Michel
0
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 150 total points
ID: 13572053
e.g. cahnge ALL
<a href="javascript:something()"
to
<a href="#:"
onClick="something(); return false"

Veel success
0
 

Author Comment

by:fredhart
ID: 13573903
Michel,
I changed the href and the security error is solved,  you made me happy.
Probably you can see that I do my first steps in JavaScript.
But I have still minor problems:
1) windows and  IE: reload button works : the tree behaves normal
                                  back button: first click on a folder does nothing, second click does the job
2) windows and Firefox: reload button, backward button forward button:  and than click a  folder initialises the tree
3) Linux user and Firefox: reload button, backward and forward button: all pictures of the tree vanish.
4) Linux Apache server as root, and Firefox: all works fine.

I suppose that it has something to do with initialising at reload.
Because I have no statements for  initialising at reloading,
each different system is free to make his own decision at reload.

What shall I do?  Closing this topic and give you the 50's and start a new question about this, or
shall I go on and increase the Point value to 100?

regards Fred
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13575152
I have enough points...

I would set a cookie and read it at load

Michel
0
 

Author Comment

by:fredhart
ID: 13579391
To Michel,
It took me a moment before I understood that
not you, but I had to set a cookie and read it at load.
I have tried it, and I did some research.
The backward and forward button never forces a reload,
it  allways does a read from the cash, thus a loss
of the .gif files used in the menu-tree is possible.
I have tried the next meta's:
    <meta http-equiv="cache-control"  content="max-age=0">

    <meta http-equiv="cache-control" content="must-revalidate">

    <meta http-equiv="cache-control" content="no-cache">      

    <meta http-equiv="refresh" content="-1">
but all computer systems react different on those statements.
It is  not for sure that caching will not occur.
Because this  is client-side JavaScript I believe there is no solution.
Maybe I have to  rewrite the program in the trusty Perl to be on server-side
( I hope I am not using bad language).
I like to hear your opinion about this stuff.

groet Fred.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13579715
Not a reload, but the script will execute if it is told to by the cookie.
Try alerting the cookie onLoad
0
 

Author Comment

by:fredhart
ID: 13579802
Adding to my previous comment:

The reason why I believe there is no solution:
For security reasons Mozilla browsers accept only JavaScript  
from the original site, thus reading from the cash is out of the question.
The backward en forward buttons force a read from the cash.
So we have an unsolvable contradiction.
If ( what I said )  { this is the end of the story} else { I can go on}  ;
0
 

Author Comment

by:fredhart
ID: 13579820
Tomorrow I go on with your latest remark.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13581457
I would be surprised if that was true... It is up to firefox to make sure that scripts read from cache are safe to re-execute.

There is something else happening...
0
 

Author Comment

by:fredhart
ID: 13581774

I show you why I made that conclusion:
see:  http://www.mozilla.org/projects/security/components/same-origin.html
quote:
---------------------------------------------------
                                            The Same Origin Policy
The same origin policy prevents document or script loaded from one origin from getting or setting properties of a document from a different origin. The policy dates from Netscape Navigator 2.0.
---------------------------------------------------

The treeframe.html is  dynamical an local written by menu.js.
The essential question is: what is the origin of treeframe.html?  
I suppose that the Mozilla browsers take the original site for a dynamical written script
Maybe it is possible to change the domain with the statement: document.domain="file://" or something like that

You wrote (03/19/2005 01:48AM CET)
 "Not a reload, but the script will execute if it is told to by the cookie.
Try alerting the cookie onLoad"

I  like to do that, but I don't know how:
Because I think that:
1) It will be executed local, thus from the wrong domain,n so you can't get the cookie property
2) The backward button does not do a reload, so the event "onLoad" shall not trigger.
0
 

Author Comment

by:fredhart
ID: 13581781
adding to previous comment:
About document.domain="..." does not work because it is about an other domain
(see again article: The Same Origin Policy)
0
 

Author Comment

by:fredhart
ID: 13590716
Michel,
   I am sorry being so boring,
I have tested the forward and backward button and I saw (with alert)  that they fire
the onLoad and onUnload event in the combination: Linux, FireFox.
So I have to find a way to do: onLoad(' load again from the original site')
I don't understand what you mean with: ' alerting the cookie onLoad'
Please  give me a clou?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13590735
<html>
<head>
<script>
alert('Before:'+document.cookie)
docuent.cookie='loaded=true'
</script>
</head>
<body onLoad="alert('After:' + document.cookie)">
Did it show?
</body>
<html>
0
 

Author Comment

by:fredhart
ID: 13591462
This is how I used your proposal, if you try it with the combination: 'Linux,Firefox'
you will see the picture vanishing. (213.10.139.37 , I will let it stay for a while)
index.html:
<HTML>

<HEAD>

      <script language="JavaScript1.2" src="./menu2.js"></script>

</HEAD>


<FRAMESET cols="235,*" onLoad="setTimeout('top.initializeThis()',1000)">  

        <FRAME src="./treeframe.html" name="treeframe">

        <FRAME src="./home.html" name="home">

</FRAMESET>

</HTML>


menu2.js:
function writeShowCookieOnload()
{
  var folder= "'./roodlamp.gif'"
doc.clear()
doc.writeln("<html>")
doc.writeln("  <head>")
doc.writeln("    <script>")
doc.writeln("      alert('Before:'+document.cookie)")
doc.writeln("      document.cookie='loaded=true'")
doc.writeln("    </script>")
doc.writeln("  </head>")
doc.writeln("  <body onLoad=\"alert('After:' + document.cookie)\">")
doc.writeln("    Did it show the alert?")
doc.writeln("<br><img src=", folder, " width=24 height=22 border=0>",

                                    "and does it show this red lamp picture?")      
doc.writeln("  </body>")
doc.writeln("<html>")
doc.close()
}

function initializeThis()

{      doc = top.treeframe.window.document

  writeShowCookieOnload()
}

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13591966
Ok, I have no problem with FF1.01 on win2k so perhaps it is a linux thing
0
 

Author Comment

by:fredhart
ID: 13592625
Yes I know,
I told you already in: Date: 03/18/2005 02:01PM CET

In Dutch they say: "Waar geen weg is, is een omweg"
Do we have to wait for a Linux update in this case?
Lets make it recursive go to: Date: 03/19/2005 02:01AM CET

I wait for your last remark and  then we can end this topic, ok?

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13594216
File a bug at bugzilla.

Ik ken verder geen omweg hier. Sorry.
0
 

Author Comment

by:fredhart
ID: 13594572
Thanks Michell
You helped me a lot.
The bug is filed at bugzilla, nr:151699
Accepted answere:  Date: 03/18/2005 07:11AM CET
We can close the subject.
0
 

Author Comment

by:fredhart
ID: 13594795
PS for Michel:
In your Member Profile: "I accept elance requests",  I suppose it has to be "I accept freelance requests".
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13595576
nope.

Freelance via email = elance
0
 

Author Comment

by:fredhart
ID: 13596197
Ok, did not know that abbrev, cu.
0
 

Author Comment

by:fredhart
ID: 13601925
Michel,
I have found the solution.
Because you can help other people with this stuff, I felt obliged to send it to you.
What I experienced is:
In the Mozilla browsers Javascript  does not solve forward references.
So forward references are not allowed.
This setup will do:
--------------------------------------------
<html>

<head></head>
<body onLoad="this.initialize() ; return true">

<iframe height="400" width="180" id = "imenuframe" name = "imenuframe">

</iframe>

<script language="javascript" type="text/javascript">

// <!--

// Put here the javascript program


var doc = imenuframe.document  // reference to the iframe, no forwarding anymore
        . . .
 // Suppose the main function is named: initialize
   function initialize(){}
   initialize()

// -->

</script>

</body>


</html>

------------------------------------------------

regards Fred.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13605123
Ok, thanks. Hard to actually realize there WAS a forward reference in the code
0
 

Author Comment

by:fredhart
ID: 13633838
Michel,

At last:
JavaScript has a solution for solving forward references, you have to use  'defer'.
The solution is unbelievable simple and I can use my original script again.
<head>
   <script src='menu.js'  defer></script>
</head>
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 13633996
Okeee, that is an old attribute I did not know still existed. Never had to use it..
Great you can use it
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Part 1 (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_7849-Hex-Maze.html) we covered the hexagonal maze basics -- how the cells are represented in a JavaScript array and how the maze is displayed.  In this part, we'…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question