Hi, this probably sounds silly, but is there a pref to enable cross-site scripting, or in other words, a pref to disable cross-site security checks? IE appears to have an option like this, but it doesn't seem to work, which is no great surprise I guess. For some context, I'd like to do something like the following: have a framed page, with a control script in one frame that changes pages in the other frame depending on what URL the other frame has.
I've tried signing the script, but I can't seem to even generate a test object-signing certificate with signtool. Thanks for any help!
Enabling cross-site scripting without signed scripts?
-
- Posts: 9
- Joined: August 14th, 2003, 10:47 pm
- alanjstr
- Moderator
- Posts: 9100
- Joined: November 5th, 2002, 4:43 pm
- Location: Anywhere but here
- Contact:
That's like saying "hi, is there a way to open a big security hole in my computer"
you should be able to access the frame as long as it's on the same website.
you should be able to access the frame as long as it's on the same website.
Former UMO Admin, Former MozillaZine General Mod
I am rarely on mozillaZine, so please do not send me a private message.
My Old Firefox config files
I am rarely on mozillaZine, so please do not send me a private message.
My Old Firefox config files
-
- Posts: 9
- Joined: August 14th, 2003, 10:47 pm
alanjstr wrote:That's like saying "hi, is there a way to open a big security hole in my computer"
you should be able to access the frame as long as it's on the same website.
Yes, that's exactly what I'm saying, hence the "this probably sounds silly" part. Regardless, this is what I'd like to do because figuring out how to sign the script is relatively unpleasant. Anyhow, it doesn't open a big security hole to my computer per se, I just need to be careful about what I enter into other mozilla windows. And yes, I would be able to access the frame if my controlling script were on the same website. But it's not, which is the problem.
-
- Posts: 9
- Joined: August 14th, 2003, 10:47 pm
Doron wrote:You mean:
2 frames, and 1 frame opens a page in the other frame that is from another domain? Or do you need to do more than just load a page?
Yep, basically. Well, all I need is for my script to be able to tell, for example, the url in the other frame. But since the other frame has a page from a different domain, mozilla won't allow access because it's a potential security hazard, so I'd like to disable the cross-site checks while I run this script, if possible.
-
- Posts: 252
- Joined: November 18th, 2002, 11:59 am
- Location: Tallinn, Estonia
- Contact:
enablePrivilege
you proabably want to grant
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead") in your script.
for more optins see http://www.mozilla.org/projects/securit ... privs-list
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead") in your script.
for more optins see http://www.mozilla.org/projects/securit ... privs-list