Re: [ACFUG Discuss] JS thing
Glad it worked out for you. Cheers! -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] [U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them --John Perry Barlow On Sep 7, 2007, at 9:46 AM, shawn gorrell wrote: Dude, that worked like a little champion. I just put a script tag in each and set the document.domain to the same lower level value. document.domain = ad.win.domain.org; It ignores whatever is to the left. Thanks, S - Original Message From: Dean H. Saxe [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 9:32:55 AM Subject: Re: [ACFUG Discuss] JS thing Ahhh! Try using the document.domain property to set the domain to whatever.org on both scripts. This might allow you to violate the SOP, but I have never tried this explicitly. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] What difference does it make to the dead, the orphans, and the homeless, whether the mad destruction is wrought under the name of totalitarianism or the holy name of liberty and democracy? --Gandhi On Sep 7, 2007, at 9:22 AM, shawn gorrell wrote: It is something like: something.ad.win.whatever.org and anotherthing.ad.win.whatever.org I just tested using fully qualified paths and got the same error message. - Original Message From: Fennell, Mark P. [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 9:10:31 AM Subject: RE: [ACFUG Discuss] JS thing Are the servers in the same domain? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn gorrell Sent: Friday, September 07, 2007 9:06 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] JS thing I know how to do that, but see if you can do it where the opener and the opened are not on the same server. You'll get a permission denied error. - Original Message From: Fennell, Mark P. [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 8:56:37 AM Subject: RE: [ACFUG Discuss] JS thing Check on using opener.document.formname.textfield.value in the child window. Also, we use this as part of a custom tag to built date cfinput text boxes. http://www.dynarch.com/projects/calendar/ Looks something like this... cfinput type=Text name=#attributes.fname# value=#value# message=#message# [#attributes.fname#] required=#req# size=#size# id=#attributes.fname# maxlength=12 onFocus=return showCalendar('#attributes.fname#', '#dateForm#'); hth. mf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn gorrell Sent: Friday, September 07, 2007 8:13 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] JS thing No, it isn't like that. Think of a text field with a calendar picker that pops up and injects the picked date back into the field. Then the full form is submitted. - Original Message From: Douglas Knudsen [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 8:05:00 AM Subject: Re: [ACFUG Discuss] JS thing Anyway to just do a GET or POST to the non CF box? Might need to mod a little of the CF code though. On 9/7/07, shawn gorrell [EMAIL PROTECTED] wrote: I'm having an issue where browser security is getting in the way of something I need to do and was wondering if any of you have an idea of how to solve it. Here's the deal. We have a non-CF application on a server which has an HTML form that pops up a window with a form on a different CF server. What I'm trying to do is inject the selected data back into the form field on the non-CF box. Normally that is pretty easy if the whole thing is on one box with an opener.blahblah. But since it is across boxes we're getting a permission denied sort of error. I was considering doing a copy to clipboard sort of thing and make them paste it in the other form, but that is very clunky. Any ideas for a fix or work around? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Douglas Knudsen http://www.cubicleman.com this is my signature, like it? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com
Re: [ACFUG Discuss] JS thing
Thanks man. I'll try the document.domain idea from your other response too. I'll let you know how it works out. - Original Message From: Dean H. Saxe [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 9:31:48 AM Subject: Re: [ACFUG Discuss] JS thing You're running into the JavaScript Same Origin Policy. You can use a dynamic script tag (i.e. document.write(script);) from within the code originating from YOUR server, the JS that is downloaded will bypass the SOP. However, that code, if it ever becomes malicious, will 0wn your users in no time since it now has full access to the DOM. Shawn, I'll send you my Ajax security deck when I get my work box online today, it explains this further. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free. -- Theodore Roosevelt, 1918 On Sep 7, 2007, at 9:06 AM, shawn gorrell wrote: I know how to do that, but see if you can do it where the opener and the opened are not on the same server. You'll get a permission denied error. - Original Message From: Fennell, Mark P. [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 8:56:37 AM Subject: RE: [ACFUG Discuss] JS thing Check on using opener.document.formname.textfield.value in the child window. Also, we use this as part of a custom tag to built date cfinput text boxes. http://www.dynarch.com/projects/calendar/ Looks something like this... cfinput type=Text name=#attributes.fname# value=#value# message=#message# [#attributes.fname#] required=#req# size=#size# id=#attributes.fname# maxlength=12 onFocus=return showCalendar('#attributes.fname#', '#dateForm#'); hth. mf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn gorrell Sent: Friday, September 07, 2007 8:13 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] JS thing No, it isn't like that. Think of a text field with a calendar picker that pops up and injects the picked date back into the field. Then the full form is submitted. - Original Message From: Douglas Knudsen [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 8:05:00 AM Subject: Re: [ACFUG Discuss] JS thing Anyway to just do a GET or POST to the non CF box? Might need to mod a little of the CF code though. On 9/7/07, shawn gorrell [EMAIL PROTECTED] wrote: I'm having an issue where browser security is getting in the way of something I need to do and was wondering if any of you have an idea of how to solve it. Here's the deal. We have a non-CF application on a server which has an HTML form that pops up a window with a form on a different CF server. What I'm trying to do is inject the selected data back into the form field on the non-CF box. Normally that is pretty easy if the whole thing is on one box with an opener.blahblah. But since it is across boxes we're getting a permission denied sort of error. I was considering doing a copy to clipboard sort of thing and make them paste it in the other form, but that is very clunky. Any ideas for a fix or work around? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Douglas Knudsen http://www.cubicleman.com this is my signature, like it? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - Annual Sponsor - Figleaf Software To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - - Annual Sponsor - Figleaf Software To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http
RE: [ACFUG Discuss] JS thing
Check on using opener.document.formname.textfield.value in the child window. Also, we use this as part of a custom tag to built date cfinput text boxes. http://www.dynarch.com/projects/calendar/ Looks something like this... cfinput type=Text name=#attributes.fname# value=#value# message=#message# [#attributes.fname#] required=#req# size=#size# id=#attributes.fname# maxlength=12 onFocus=return showCalendar('#attributes.fname#', '#dateForm#'); hth. mf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn gorrell Sent: Friday, September 07, 2007 8:13 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] JS thing No, it isn't like that. Think of a text field with a calendar picker that pops up and injects the picked date back into the field. Then the full form is submitted. - Original Message From: Douglas Knudsen [EMAIL PROTECTED] To: discussion@acfug.org Sent: Friday, September 7, 2007 8:05:00 AM Subject: Re: [ACFUG Discuss] JS thing Anyway to just do a GET or POST to the non CF box? Might need to mod a little of the CF code though. On 9/7/07, shawn gorrell [EMAIL PROTECTED] wrote: I'm having an issue where browser security is getting in the way of something I need to do and was wondering if any of you have an idea of how to solve it. Here's the deal. We have a non-CF application on a server which has an HTML form that pops up a window with a form on a different CF server. What I'm trying to do is inject the selected data back into the form field on the non-CF box. Normally that is pretty easy if the whole thing is on one box with an opener.blahblah. But since it is across boxes we're getting a permission denied sort of error. I was considering doing a copy to clipboard sort of thing and make them paste it in the other form, but that is very clunky. Any ideas for a fix or work around? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Douglas Knudsen http://www.cubicleman.com this is my signature, like it? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - Annual Sponsor - Figleaf Software http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -