Cross-frame scripting, works in FF but not IE

Snib · October 22nd, 2004, 05:36 PM

Hello P2P,

I have a frameset page that has two frames, one of which periodically refreshes the other using JS. The frame that I refresh is on a remote server. In the frame that has the code that refreshes the other:

function refreshOtherFrame()
{
parent.frames.myOtherFrame.location.reload();
}

According to this page...
http://msdn.microsoft.com/workshop/a...g_security.asp
...I shouldn't be getting Permission Denied because I'm not reading the URL of the other frame, just resetting it.

But I am getting Permission Denied anyway.

The strange thing is, this script works in Firefox, but IE's "security" seems to think I'm accessing another part of the DOM other than the locaiton, when I'm really just calling a method.

Is there a way around this?

Thanks,

-Snib
Where will you be in 100 years?
Try new FreshView 0.2!
There are only two stupid questions: the one you can't find the answer to and don't ask, and the one that you can find the answer and do ask.

joefawcett · October 23rd, 2004, 03:37 AM

What OS and browser version?
I will check with Microsoft and see if it's a feature or a bug :)
For example a lot of this stuff has been tightened up with XP SP2 and seems to be undocumented.

--

Joe

Snib · October 23rd, 2004, 09:17 AM

IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158 running on Windows XP Professional (5.1 SP2)

Thanks Joe!!

-Snib
Where will you be in 100 years?
Try new FreshView 0.2!
There are only two stupid questions: the one you can't find the answer to and don't ask, and the one that you can find the answer and do ask.

joefawcett · October 25th, 2004, 05:41 AM

I have been pointed to the Technical Documentation in this article http://www.microsoft.com/technet/sec.../MS04-004.mspx
According to my source this means that ALL cros-domain interaction is disallowed. Do yoiu have "Navigate sub frames across domains" checked in the appropriate security zone?

--

Joe

Snib · October 25th, 2004, 08:54 PM

Yes, I allowed "Navigate Sub-frames Across Domains" before I posted for Trusted Sites.

I put the frameset and the refresher frame in Trusted Sites, and it didn't work. The other frame, hosted on a remote server, is not in Trusted Sites. However, I put it in Trusted Sites and it still didn't work.

Thanks,

-Snib
Where will you be in 100 years?
Try new FreshView 0.2!
There are only two stupid questions: the one you can't find the answer to and don't ask, and the one that you can find the answer and do ask.