×

Discussion Board

Results 1 to 5 of 5
  1. #1
    Registered User
    Join Date
    Sep 2005
    Posts
    12

    iframe security issue

    Hi there,

    we are developing a widget for wrt 1.1 and we have the following problem:

    The widget creates an iframe using the dom model that has a network source address. While this loads there is a script tag that calls a function defined withing the widget local content. when this happens we get the following javascript error:

    Error: Unsafe Javascript attempt to access frame with URL file:///C:/..... from frame with URL http://xxx.x..x.x.x ...

    Is there a way around this ? We are thinking of wrapping a lot of our code with an iframe in the widget html...

    Thanks,

    Alex Kritikos
    my-Channels

  2. #2
    Nokia Developer Expert
    Join Date
    Jun 2008
    Location
    Tampere
    Posts
    833

    Re: iframe security issue

    Hello Alex,

    What browser are you using?
    I would suspect that this is some kind of security mechanism that prevents accessing the resources loaded from different domain, like the cross site xhr prevention.

    Have you tested if this works on real device?

    Ps. About iFrames and widgets.
    http://wiki.forum.nokia.com/index.ph...ts_and_iframes

    -Ilkka

  3. #3
    Registered User
    Join Date
    Sep 2005
    Posts
    12

    Re: iframe security issue

    Hello Ilkka,

    thanks for your response. This happens on the N97 emulator when running a widget. I have not tested yet on a real device but the only 'browser' involved is the widget runtime. Its not really the cross site XHR but javascript cross domain which seems disabled for widgets (or they wouldnt be able to access the network).

    As i said before this is caused by the following:

    1. Local widget creates a hidden iFrame using javascript / dom model. The src attribute of the iframe is set to an HTTP url.
    2. All of the above works however the content of the iframe contains a <script> tag that calls a javascript function defined by the widget.
    3. The error occurs

    Any help would be appreciated.

    Alex


    Quote Originally Posted by isalento View Post
    Hello Alex,

    What browser are you using?
    I would suspect that this is some kind of security mechanism that prevents accessing the resources loaded from different domain, like the cross site xhr prevention.

    Have you tested if this works on real device?

    Ps. About iFrames and widgets.
    http://wiki.forum.nokia.com/index.ph...ts_and_iframes

    -Ilkka

  4. #4
    Nokia Developer Champion
    Join Date
    Nov 2007
    Location
    Rome, Italy
    Posts
    2,406

    Re: iframe security issue

    Hi krital,

    as Ilkka said, this most probably is a security-related issue. Never tried with iFrames within WRT widgets, but the behavior you describe is exactly what happens when you try to access the content of an iFrame coming from a different domain.

    Anyway, a test on a real device would be probably useful.

    As a possible workaround: you could try loading the remote resource with a classic XMLHttpRequest object, and then manually setting the iFrame content with the responseText retrieved from that request. Not sure if it can properly work, but a test would clarify this

    Hope it helps,
    Pit

  5. #5
    Registered User
    Join Date
    Sep 2005
    Posts
    12

    Re: iframe security issue

    Hi Pit,

    thanks for your response. i will describe once again the situation as i tend to believe its a simulator or WRT bug.(BTW this design was done to specifically work around this issue, not how i started).

    I have a WRT widget with a single index.html file. In there i define an IFrame which has a src attribute http://192.168.1.1/index_widget.html. The index_widget.html content loads and the scripts start running ok initially. At some point, the script creates another iframe using the dom api and sets its src attribute to another url on the same server (192.168.1.1). The content of that child iframe has a script tag that does window.parent.xxx where xxx is defined in index_widget.html. This should normally work because both iframes are loaded from the same domain, but instead it gives me :

    Error: Unsafe Javascript attempt to access frame with URL http://192.168.1.1/index_widget.html from frame with URL http://192.168.1.1/x/x/x

    Now if i visit http://192.168.1.1/index_widget.html or even if i put the widget index.html on the web server this works on safari, firefox, IE as well as the n97 SDK browser!

    Thats why i believe it is a bug, i will try on a real N97 soon but does anyone have any ideas? Is there a newer version of the SDK than 1.0 ? any patches? bugfixes?

    Thanks in advance,

    Alex Kritikos
    my-Channels

    Quote Originally Posted by jappit View Post
    Hi krital,

    as Ilkka said, this most probably is a security-related issue. Never tried with iFrames within WRT widgets, but the behavior you describe is exactly what happens when you try to access the content of an iFrame coming from a different domain.

    Anyway, a test on a real device would be probably useful.

    As a possible workaround: you could try loading the remote resource with a classic XMLHttpRequest object, and then manually setting the iFrame content with the responseText retrieved from that request. Not sure if it can properly work, but a test would clarify this

    Hope it helps,
    Pit

Similar Threads

  1. OVI Publishing Issue - POINT OF CONTACT
    By Vignesh.M in forum [Closed] Publishing to Nokia Store
    Replies: 4
    Last Post: 2009-08-18, 14:35
  2. issue with at+cusd over bluetooth link
    By hbanks in forum General Messaging
    Replies: 2
    Last Post: 2007-09-25, 21:21
  3. RTSP video streaming issue on 6280
    By olivier_irac in forum General Development Questions
    Replies: 0
    Last Post: 2006-12-04, 15:11
  4. Installation security error on Symbian OS
    By dusanbaranec in forum Mobile Java General
    Replies: 2
    Last Post: 2006-04-03, 18:37
  5. FingerPrint Scanning Security System for Cellphones
    By riez_n in forum General Development Questions
    Replies: 1
    Last Post: 2004-01-13, 11:43

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×