• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1009
  • Last Modified:

Security error with JavaScript in Firefox browser

I like to know why a  JavaScript program that works fine in IE6.0 does not behave right in the FireFox browser.
If  the forward, backward  or  'reload current page' button in the  FireFox browser  is pressed,
the JavaScript events (on Mouseover for instance) does not work anymore
and the pictures vanish.

The JavaScript Console says:
Security Error: Content at wyciwyg ://0/file:///.../index.html may not
load or link to file:///.../index.html
and:
error: uncaught exception: Permission denied to get property HTMLDocument.clear

Below are some  parts that show the way I programmed it:
Referencing the 'uncaught error', as you see 'doc.clear' is called in the function DrawTree():
1)  In 'index.html':
<head>
  <script src="menu.js"></script>
</head>
<frameset cols="235,*"  onLoad='top.initializeTree()'>
   <frame src="./treeframe.html" name="treeframe">
   <frame src="./content.html" name ="content">
</frameset>

2)  In 'menu.js':
var doc=""
function DrawTree()
{      doc.clear()
      doc.writeln("<html><body bgcolor='white'>",    
            "<table border=0 cellspacing=0 cellpadding=0>")
      treeindex = 0
      lastarr[0] = true      

      tree[lasttreeindex][5] = true
      tree[0][5] = true
      tree[0][4] = true
      DrawSubTree(0)
      doc.writeln("</table></body></html>")
      doc.close()
}

function initializeTree()
{      menu()
      lasttreeindex = treeindex
      DetectLast()      
      treeindex = 0
      doc = parent.treeframe.window.document
      DrawTree()
}
0
fredhart
Asked:
fredhart
  • 18
  • 14
1 Solution
 
Michel PlungjanIT ExpertCommented:
clear is not needed since a write after a close or a load will clear the page anyway.
0
 
fredhartAuthor Commented:
Hello mplungjan,

 I tried that (removing doc.clear) and it still works, but it is not the essence.
Than the error message is:  permission denied for the next statement,
in this case: doc.writeln(...)

I suppose that there must be something to make the script accessable
for acting on the document.

0
 
Michel PlungjanIT ExpertCommented:
Perhaps you should try

  onLoad="setTimeout('top.initializeTree()',1000)">
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
fredhartAuthor Commented:
I changed it this way now:

<head>
  <script src="http://213.10.139.37/menu.js"></script>
</head>
<frameset cols="235,*"  onLoad="setTimeout('top.initializeTree()',1000)">
   <frame src="http://213.10.139.37/treeframe.html" name="treeframe">
   <frame src="http://213.10.139.37/content.html" name ="content">
</frameset>

If you type in the firefox browser this address: 213.10.139.37  you can see what happens.

1) click on the folder to open the tree
2) click on the reload button, and the tree vanish
3) click on the backward button and it vanishes as well
4) click many times on the backward button until a previous site is showing up and then again
    clicking the forward button, and it works again.
0
 
fredhartAuthor Commented:
I have to add the next line to my previous comment:
 opening at the server is as above, from an other computer de tree shows no reactions.
0
 
fredhartAuthor Commented:
Adding again: if  I change the file as follows (using JavaScript1.2 and removing the setTimeout)
than the reload button in the firefox browser reacts normal.
But the forward and backward button behave wrong.
<HTML>
<HEAD>
      <title>Tree</title>
      <META HTTP-EQUIV="Tree" CONTENT="no-cache">
      <script language="JavaScript1.2" src="http://213.10.139.37/menu.js"></script>
</HEAD>
<FRAMESET cols="235,*" onLoad="top.initializeTree()">  
        <FRAME src="http://213.10.139.37/treeframe.html" name="treeframe">
        <FRAME SRC="http://213.10.139.37/home.html" name="home">
</FRAMESET>
</HTML>
0
 
Michel PlungjanIT ExpertCommented:
and if you remove all the http://213.10.139.37 ???
0
 
Michel PlungjanIT ExpertCommented:
Ohhhh change

<a href='javascript:top.CloseSubTree(1)'

to

<a href='#' onClick='top.CloseSubTree(1); return false'

 Michel
0
 
Michel PlungjanIT ExpertCommented:
e.g. cahnge ALL
<a href="javascript:something()"
to
<a href="#:"
onClick="something(); return false"

Veel success
0
 
fredhartAuthor Commented:
Michel,
I changed the href and the security error is solved,  you made me happy.
Probably you can see that I do my first steps in JavaScript.
But I have still minor problems:
1) windows and  IE: reload button works : the tree behaves normal
                                  back button: first click on a folder does nothing, second click does the job
2) windows and Firefox: reload button, backward button forward button:  and than click a  folder initialises the tree
3) Linux user and Firefox: reload button, backward and forward button: all pictures of the tree vanish.
4) Linux Apache server as root, and Firefox: all works fine.

I suppose that it has something to do with initialising at reload.
Because I have no statements for  initialising at reloading,
each different system is free to make his own decision at reload.

What shall I do?  Closing this topic and give you the 50's and start a new question about this, or
shall I go on and increase the Point value to 100?

regards Fred
0
 
Michel PlungjanIT ExpertCommented:
I have enough points...

I would set a cookie and read it at load

Michel
0
 
fredhartAuthor Commented:
To Michel,
It took me a moment before I understood that
not you, but I had to set a cookie and read it at load.
I have tried it, and I did some research.
The backward and forward button never forces a reload,
it  allways does a read from the cash, thus a loss
of the .gif files used in the menu-tree is possible.
I have tried the next meta's:
    <meta http-equiv="cache-control"  content="max-age=0">

    <meta http-equiv="cache-control" content="must-revalidate">

    <meta http-equiv="cache-control" content="no-cache">      

    <meta http-equiv="refresh" content="-1">
but all computer systems react different on those statements.
It is  not for sure that caching will not occur.
Because this  is client-side JavaScript I believe there is no solution.
Maybe I have to  rewrite the program in the trusty Perl to be on server-side
( I hope I am not using bad language).
I like to hear your opinion about this stuff.

groet Fred.
0
 
Michel PlungjanIT ExpertCommented:
Not a reload, but the script will execute if it is told to by the cookie.
Try alerting the cookie onLoad
0
 
fredhartAuthor Commented:
Adding to my previous comment:

The reason why I believe there is no solution:
For security reasons Mozilla browsers accept only JavaScript  
from the original site, thus reading from the cash is out of the question.
The backward en forward buttons force a read from the cash.
So we have an unsolvable contradiction.
If ( what I said )  { this is the end of the story} else { I can go on}  ;
0
 
fredhartAuthor Commented:
Tomorrow I go on with your latest remark.
0
 
Michel PlungjanIT ExpertCommented:
I would be surprised if that was true... It is up to firefox to make sure that scripts read from cache are safe to re-execute.

There is something else happening...
0
 
fredhartAuthor Commented:

I show you why I made that conclusion:
see:  http://www.mozilla.org/projects/security/components/same-origin.html
quote:
---------------------------------------------------
                                            The Same Origin Policy
The same origin policy prevents document or script loaded from one origin from getting or setting properties of a document from a different origin. The policy dates from Netscape Navigator 2.0.
---------------------------------------------------

The treeframe.html is  dynamical an local written by menu.js.
The essential question is: what is the origin of treeframe.html?  
I suppose that the Mozilla browsers take the original site for a dynamical written script
Maybe it is possible to change the domain with the statement: document.domain="file://" or something like that

You wrote (03/19/2005 01:48AM CET)
 "Not a reload, but the script will execute if it is told to by the cookie.
Try alerting the cookie onLoad"

I  like to do that, but I don't know how:
Because I think that:
1) It will be executed local, thus from the wrong domain,n so you can't get the cookie property
2) The backward button does not do a reload, so the event "onLoad" shall not trigger.
0
 
fredhartAuthor Commented:
adding to previous comment:
About document.domain="..." does not work because it is about an other domain
(see again article: The Same Origin Policy)
0
 
fredhartAuthor Commented:
Michel,
   I am sorry being so boring,
I have tested the forward and backward button and I saw (with alert)  that they fire
the onLoad and onUnload event in the combination: Linux, FireFox.
So I have to find a way to do: onLoad(' load again from the original site')
I don't understand what you mean with: ' alerting the cookie onLoad'
Please  give me a clou?
0
 
Michel PlungjanIT ExpertCommented:
<html>
<head>
<script>
alert('Before:'+document.cookie)
docuent.cookie='loaded=true'
</script>
</head>
<body onLoad="alert('After:' + document.cookie)">
Did it show?
</body>
<html>
0
 
fredhartAuthor Commented:
This is how I used your proposal, if you try it with the combination: 'Linux,Firefox'
you will see the picture vanishing. (213.10.139.37 , I will let it stay for a while)
index.html:
<HTML>

<HEAD>

      <script language="JavaScript1.2" src="./menu2.js"></script>

</HEAD>


<FRAMESET cols="235,*" onLoad="setTimeout('top.initializeThis()',1000)">  

        <FRAME src="./treeframe.html" name="treeframe">

        <FRAME src="./home.html" name="home">

</FRAMESET>

</HTML>


menu2.js:
function writeShowCookieOnload()
{
  var folder= "'./roodlamp.gif'"
doc.clear()
doc.writeln("<html>")
doc.writeln("  <head>")
doc.writeln("    <script>")
doc.writeln("      alert('Before:'+document.cookie)")
doc.writeln("      document.cookie='loaded=true'")
doc.writeln("    </script>")
doc.writeln("  </head>")
doc.writeln("  <body onLoad=\"alert('After:' + document.cookie)\">")
doc.writeln("    Did it show the alert?")
doc.writeln("<br><img src=", folder, " width=24 height=22 border=0>",

                                    "and does it show this red lamp picture?")      
doc.writeln("  </body>")
doc.writeln("<html>")
doc.close()
}

function initializeThis()

{      doc = top.treeframe.window.document

  writeShowCookieOnload()
}

0
 
Michel PlungjanIT ExpertCommented:
Ok, I have no problem with FF1.01 on win2k so perhaps it is a linux thing
0
 
fredhartAuthor Commented:
Yes I know,
I told you already in: Date: 03/18/2005 02:01PM CET

In Dutch they say: "Waar geen weg is, is een omweg"
Do we have to wait for a Linux update in this case?
Lets make it recursive go to: Date: 03/19/2005 02:01AM CET

I wait for your last remark and  then we can end this topic, ok?

0
 
Michel PlungjanIT ExpertCommented:
File a bug at bugzilla.

Ik ken verder geen omweg hier. Sorry.
0
 
fredhartAuthor Commented:
Thanks Michell
You helped me a lot.
The bug is filed at bugzilla, nr:151699
Accepted answere:  Date: 03/18/2005 07:11AM CET
We can close the subject.
0
 
fredhartAuthor Commented:
PS for Michel:
In your Member Profile: "I accept elance requests",  I suppose it has to be "I accept freelance requests".
0
 
Michel PlungjanIT ExpertCommented:
nope.

Freelance via email = elance
0
 
fredhartAuthor Commented:
Ok, did not know that abbrev, cu.
0
 
fredhartAuthor Commented:
Michel,
I have found the solution.
Because you can help other people with this stuff, I felt obliged to send it to you.
What I experienced is:
In the Mozilla browsers Javascript  does not solve forward references.
So forward references are not allowed.
This setup will do:
--------------------------------------------
<html>

<head></head>
<body onLoad="this.initialize() ; return true">

<iframe height="400" width="180" id = "imenuframe" name = "imenuframe">

</iframe>

<script language="javascript" type="text/javascript">

// <!--

// Put here the javascript program


var doc = imenuframe.document  // reference to the iframe, no forwarding anymore
        . . .
 // Suppose the main function is named: initialize
   function initialize(){}
   initialize()

// -->

</script>

</body>


</html>

------------------------------------------------

regards Fred.
0
 
Michel PlungjanIT ExpertCommented:
Ok, thanks. Hard to actually realize there WAS a forward reference in the code
0
 
fredhartAuthor Commented:
Michel,

At last:
JavaScript has a solution for solving forward references, you have to use  'defer'.
The solution is unbelievable simple and I can use my original script again.
<head>
   <script src='menu.js'  defer></script>
</head>
0
 
Michel PlungjanIT ExpertCommented:
Okeee, that is an old attribute I did not know still existed. Never had to use it..
Great you can use it
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 18
  • 14
Tackle projects and never again get stuck behind a technical roadblock.
Join Now