Jim, This is done for security reasons. Imagine someone creating his own scripting to access Javascript methods which return sensitive information (bankaccount).
There are some things one can do, like P3P tags, but essentially it comes down to someone modifying the cross domain scripting settings in the browser. For IE, this is down by a checkbox, and for FireFox you need to uncomment some lines and invoke the PrivilegeManager to enable UniversalBrowserRead. if (typeof netscape != 'undefined' && typeof netscape.security != 'undefined'){ netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead '); } Sometimes it can be a pain in the ass, but I am glad the security is there. Micha Schopman Project Manager Modern Media, Databankweg 12 M, 3821 AL Amersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- Modern Media, Making You Interact Smarter. Onze oplossingen verbeteren de interactie met uw doelgroep. Wilt u meer omzet, lagere kosten of een beter service niveau? Voor meer informatie zie www.modernmedia.nl ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- -----Original Message----- From: Jim Davis [mailto:[EMAIL PROTECTED] Sent: dinsdag 24 mei 2005 3:19 To: CF-Talk Subject: RE: (OT) Object tag - text/html in IE Cross Domain > -----Original Message----- > From: James Holmes [mailto:[EMAIL PROTECTED] > Sent: Monday, May 23, 2005 9:25 PM > To: CF-Talk > Subject: RE: (OT) Object tag - text/html in IE Cross Domain > > ROFL. > > It's similar to an iframe in the way it works (and that's how I ended up > doing it) but there is one small difference - an iframe's navigation is > self-contained (i.e. links open inside the iframe) whereas the object > tag's links (by default) target the browser containing the tag like any > other. This difference may be more of a security hassle, I guess. > Luckily in this instance the code I included had no links so the end > result was anlomst identical using the iframe. The only reason I'm being such a prick about this is that I've been through it. Our company was bought out and we wanted to combine our websites - content from both servers in the same frame. But we had all sorts of cross-site scripting issues. I spent some time and figured out an inelegant, but perfectly usable system for passing information across sites using the status bar. This was because it turned out that browsers from different domains could still both read and write to the status bar (at the time it worked in everything but IE 5.5 - although oddly it did work in IE 6). The code essentially created asynchronous messaging queues between two sites - it was actually pretty slick. (I've still got it if anybody wants to take a look.) It allowed scripts from different domains to share text data. (As an aside I still think that's something that should be allowed via some specialized code. There should be some standardized location - something like a "public" object which is accessible to all scripts in the instance - that way different sites that choose to share data would have the ability too, but the default behavior would be safe.) I made the mistake of posting a question about how to fix the IE 5.5 issue to a public forum which started a whole tirade about cross-site browser security. Several people sent messages to the various vendors - now my code doesn't work in any of the new browsers. Because of that I'm just overly wary of taking advantage of anything that even has shades of that. I just don't want to get used to something only to have the capability disabled just when I've gotten used to relying on it. ;^) Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207510 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54