Re: [ACFUG Discuss] JS thing

Fri, 07 Sep 2007 06:35:12 -0700

You're running into the JavaScript Same Origin Policy. You can use a dynamic script tag (i.e. document.write("<script....");) from within the code originating from YOUR server, the JS that is downloaded will bypass the SOP. However, that code, if it ever becomes malicious, will 0wn your users in no time since it now has full access to the DOM.
Shawn, I'll send you my Ajax security deck when I get my work box online today, it explains this further. 

-dhs


Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]

"Free speech exercised both individually and through a free press, is  
a necessity in any country where people are themselves free."

    -- Theodore Roosevelt, 1918


On Sep 7, 2007, at 9:06 AM, shawn gorrell wrote:


I know how to do that, but see if you can do it where the opener  
and the opened are not on the same server. You'll get a permission  
denied error.


----- Original Message ----
From: "Fennell, Mark P." <[EMAIL PROTECTED]>
To: [email protected]
Sent: Friday, September 7, 2007 8:56:37 AM
Subject: RE: [ACFUG Discuss] JS thing


Check on using opener.document.formname.textfield.value in the  
child window.
Also, we use this as part of a custom tag to built date cfinput  
text boxes. http://www.dynarch.com/projects/calendar/

Looks something like this...

 <cfinput type="Text" name="#attributes.fname#" value="#value#"  
message="#message#  [#attributes.fname#]" required="#req#"  
size="#size#" id="#attributes.fname#" maxlength="12"  
onFocus="return showCalendar('#attributes.fname#', '#dateForm#');">


hth.
mf


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn  
gorrell

Sent: Friday, September 07, 2007 8:13 AM
To: [email protected]
Subject: Re: [ACFUG Discuss] JS thing


No, it isn't like that. Think of a text field with a calendar  
picker that pops up and injects the picked date back into the  
field. Then the full form is submitted.


----- Original Message ----
From: Douglas Knudsen <[EMAIL PROTECTED]>
To: [email protected]
Sent: Friday, September 7, 2007 8:05:00 AM
Subject: Re: [ACFUG Discuss] JS thing

Anyway to just do a GET or POST to the non CF box?  Might need to mod
a little of the CF code though.


On 9/7/07, shawn gorrell <[EMAIL PROTECTED]> wrote:
> I'm having an issue where browser security is getting in the way of

> something I need to do and was wondering if any of you have an  
idea of how

> to solve it.
>

> Here's the deal. We have a non-CF application on a server which  
has an HTML
> form that pops up a window with a form on a different CF server.  
What I'm
> trying to do is inject the selected data back into the form field  
on the
> non-CF box. Normally that is pretty easy if the whole thing is on  
one box
> with an opener.blahblah. But since it is across boxes we're  
getting a

> permission denied sort of error.
>

> I was considering doing a copy to clipboard sort of thing and  
make them

> paste it in the other form, but that is very clunky.
>
>
>
> Any ideas for a fix or work around?
>
>
>
>
>
>
> -------------------------------------------------------------
>
> Annual Sponsor FigLeaf Software - http://www.figleaf.com
>
>
>
> To unsubscribe from this list, manage your profile @
>
> http://www.acfug.org?fa=login.edituserform
>
>
>
> For more info, see http://www.acfug.org/mailinglists
>
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>
> List hosted by http://www.fusionlink.com
>
> -------------------------------------------------------------
>
>
>


--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?


-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------





-------------------------------------------------------------
Annual Sponsor - Figleaf Software

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor - Figleaf Software

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------


-------------------------------------------------------------
Annual Sponsor - Figleaf Software

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------




-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com


To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform


For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------

























					Reply via email to