Solved

How to allow a cross domain page to access (and modify) my form fields?

Posted on 2008-10-21
6
1,053 Views
Last Modified: 2012-06-27
I got two pages:

* A.jsp has an html form named "iForm" with address fields and a popup link to B.jsp

* B.jsp allows the user to select an addressID value and use that value to populate iForm.addressID by doing:

   window.opener.document.forms['iForm'].addressID.value = selectedValueFormPopup;

So far everything's fine and dandy.

However, when A.jsp resides on a different server, I get a security error message:

"permission denied to get property Window.document"

How can I allow B.jsp access to fields on A.jsp?

(I know I can pass JSON messages to A.jsp via its url query string, but that is not the preferred method).

Help much appreciated.
0
Comment
Question by:coniglio14
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 22775779
1. use url (you said no)
2. use a javascript residing on server A in page from server B
3. call the server A's pages from server B and present as server B's page


So if you in page A load a javascript from server B, this script can fill in the form:
http://ajaxpatterns.org/On-Demand_Javascript

function ensureUploadScriptIsLoaded() {
   if (self.uploadScript) { // Already exists
     return;
   }
   var head = document.getElementsByTagName("head")[0];
   script = document.createElement('script');
   script.id = 'uploadScript';
   script.type = 'text/javascript';
   script.src = "http://www.serverB.com/formfill.jsp?parameter="+parms;
   head.appendChild(script);
 }

Open in new window

0
 

Author Comment

by:coniglio14
ID: 22776702
Tried your solution number 2:

A.jsp sits on server A and has form "iForm" whose fields are to be populated (A.jsp has not changed).

Now B.jsp (the adress lookup popup residing on server B) calls the "populateClientForm()" function from a javascript file residing on server A:


// in B.jsp
<script src="http://serverA.com/scripts/populate.js"></script>
...
<input type="button" onclick="populateClientForm(adressID)" value="Populate form"/>
...

However I still get the same security error message ("permission denied to get property Window.document").

Am I missing a step here?

Thanks!
C14

(In the mean time I'll attempt your solution number 3)
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 22776994
Yes, you missed something or I was not clear

A.jsp on serverA has a form.
B.jsp on serverB has some data
You need A.jsp to contact serverB which has the data - to load a JS file - which can be a jsp setting the header
content-type:text/javascript

This file can then do

document.forms[0].addressId.value='<%=addressId %>'


0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:coniglio14
ID: 22845734
I decided to use the the URL to pass parameters, or more specifically the hash portion of the URL, e.g. "http://serverA/myContext/A.jsp#paramString".

This is what B.jsp (sitting on server B) is doing:

   window.opener.location.hash=myParameters;

Then A.jsp reads and processes those parameters.

This works fine, but only in FireFox, not in IE.

How can I fix this security problem in IE?

Thanks much!

0
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 500 total points
ID: 22848646
0
 

Author Closing Comment

by:coniglio14
ID: 31508526
Thanks a lot!
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question