Re: [ACFUG Discuss] JS thing
Glad it worked out for you.
Cheers!
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
[U]nconstitutional behavior by the authorities is constrained only
by the peoples' willingness to contest them
--John Perry Barlow
On Sep 7, 2007, at 9:46 AM, shawn gorrell wrote:
Dude, that worked like a little champion.
I just put a script tag in each and set the document.domain to the
same lower level value.
document.domain = ad.win.domain.org;
It ignores whatever is to the left.
Thanks,
S
- Original Message
From: Dean H. Saxe [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 9:32:55 AM
Subject: Re: [ACFUG Discuss] JS thing
Ahhh! Try using the document.domain property to set the domain to
whatever.org on both scripts. This might allow you to violate the
SOP, but I have never tried this explicitly.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
What difference does it make to the dead, the orphans, and the
homeless, whether the mad destruction is wrought under the name of
totalitarianism or the holy name of liberty and democracy?
--Gandhi
On Sep 7, 2007, at 9:22 AM, shawn gorrell wrote:
It is something like:
something.ad.win.whatever.org
and
anotherthing.ad.win.whatever.org
I just tested using fully qualified paths and got the same error
message.
- Original Message
From: Fennell, Mark P. [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 9:10:31 AM
Subject: RE: [ACFUG Discuss] JS thing
Are the servers in the same domain?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn
gorrell
Sent: Friday, September 07, 2007 9:06 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] JS thing
I know how to do that, but see if you can do it where the opener
and the opened are not on the same server. You'll get a permission
denied error.
- Original Message
From: Fennell, Mark P. [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 8:56:37 AM
Subject: RE: [ACFUG Discuss] JS thing
Check on using opener.document.formname.textfield.value in the
child window.
Also, we use this as part of a custom tag to built date cfinput
text boxes. http://www.dynarch.com/projects/calendar/
Looks something like this...
cfinput type=Text name=#attributes.fname# value=#value#
message=#message# [#attributes.fname#] required=#req#
size=#size# id=#attributes.fname# maxlength=12
onFocus=return showCalendar('#attributes.fname#', '#dateForm#');
hth.
mf
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn
gorrell
Sent: Friday, September 07, 2007 8:13 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] JS thing
No, it isn't like that. Think of a text field with a calendar
picker that pops up and injects the picked date back into the
field. Then the full form is submitted.
- Original Message
From: Douglas Knudsen [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 8:05:00 AM
Subject: Re: [ACFUG Discuss] JS thing
Anyway to just do a GET or POST to the non CF box? Might need to
mod
a little of the CF code though.
On 9/7/07, shawn gorrell [EMAIL PROTECTED] wrote:
I'm having an issue where browser security is getting in the
way of
something I need to do and was wondering if any of you have an
idea of how
to solve it.
Here's the deal. We have a non-CF application on a server which
has an HTML
form that pops up a window with a form on a different CF server.
What I'm
trying to do is inject the selected data back into the form field
on the
non-CF box. Normally that is pretty easy if the whole thing is on
one box
with an opener.blahblah. But since it is across boxes we're
getting a
permission denied sort of error.
I was considering doing a copy to clipboard sort of thing and
make them
paste it in the other form, but that is very clunky.
Any ideas for a fix or work around?
-
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-
--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
-
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
Re: [ACFUG Discuss] JS thing
Thanks man. I'll try the document.domain idea from your other response too.
I'll let you know how it works out.
- Original Message
From: Dean H. Saxe [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 9:31:48 AM
Subject: Re: [ACFUG Discuss] JS thing
You're running into the JavaScript Same Origin Policy. You can use a
dynamic script tag (i.e. document.write(script);) from within
the code originating from YOUR server, the JS that is downloaded will
bypass the SOP. However, that code, if it ever becomes malicious,
will 0wn your users in no time since it now has full access to the DOM.
Shawn, I'll send you my Ajax security deck when I get my work box
online today, it explains this further.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
Free speech exercised both individually and through a free press, is
a necessity in any country where people are themselves free.
-- Theodore Roosevelt, 1918
On Sep 7, 2007, at 9:06 AM, shawn gorrell wrote:
I know how to do that, but see if you can do it where the opener
and the opened are not on the same server. You'll get a permission
denied error.
- Original Message
From: Fennell, Mark P. [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 8:56:37 AM
Subject: RE: [ACFUG Discuss] JS thing
Check on using opener.document.formname.textfield.value in the
child window.
Also, we use this as part of a custom tag to built date cfinput
text boxes. http://www.dynarch.com/projects/calendar/
Looks something like this...
cfinput type=Text name=#attributes.fname# value=#value#
message=#message# [#attributes.fname#] required=#req#
size=#size# id=#attributes.fname# maxlength=12
onFocus=return showCalendar('#attributes.fname#', '#dateForm#');
hth.
mf
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn
gorrell
Sent: Friday, September 07, 2007 8:13 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] JS thing
No, it isn't like that. Think of a text field with a calendar
picker that pops up and injects the picked date back into the
field. Then the full form is submitted.
- Original Message
From: Douglas Knudsen [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 8:05:00 AM
Subject: Re: [ACFUG Discuss] JS thing
Anyway to just do a GET or POST to the non CF box? Might need to mod
a little of the CF code though.
On 9/7/07, shawn gorrell [EMAIL PROTECTED] wrote:
I'm having an issue where browser security is getting in the way of
something I need to do and was wondering if any of you have an
idea of how
to solve it.
Here's the deal. We have a non-CF application on a server which
has an HTML
form that pops up a window with a form on a different CF server.
What I'm
trying to do is inject the selected data back into the form field
on the
non-CF box. Normally that is pretty easy if the whole thing is on
one box
with an opener.blahblah. But since it is across boxes we're
getting a
permission denied sort of error.
I was considering doing a copy to clipboard sort of thing and
make them
paste it in the other form, but that is very clunky.
Any ideas for a fix or work around?
-
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-
--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
-
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-
-
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-
-
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http
RE: [ACFUG Discuss] JS thing
Check on using opener.document.formname.textfield.value in the child
window.
Also, we use this as part of a custom tag to built date cfinput text
boxes. http://www.dynarch.com/projects/calendar/
Looks something like this...
cfinput type=Text name=#attributes.fname# value=#value#
message=#message# [#attributes.fname#] required=#req# size=#size#
id=#attributes.fname# maxlength=12 onFocus=return
showCalendar('#attributes.fname#', '#dateForm#');
hth.
mf
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shawn
gorrell
Sent: Friday, September 07, 2007 8:13 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] JS thing
No, it isn't like that. Think of a text field with a calendar picker
that pops up and injects the picked date back into the field. Then the
full form is submitted.
- Original Message
From: Douglas Knudsen [EMAIL PROTECTED]
To: discussion@acfug.org
Sent: Friday, September 7, 2007 8:05:00 AM
Subject: Re: [ACFUG Discuss] JS thing
Anyway to just do a GET or POST to the non CF box? Might need to mod
a little of the CF code though.
On 9/7/07, shawn gorrell [EMAIL PROTECTED] wrote:
I'm having an issue where browser security is getting in the way of
something I need to do and was wondering if any of you have an idea of
how
to solve it.
Here's the deal. We have a non-CF application on a server which has an
HTML
form that pops up a window with a form on a different CF server. What
I'm
trying to do is inject the selected data back into the form field on
the
non-CF box. Normally that is pretty easy if the whole thing is on one
box
with an opener.blahblah. But since it is across boxes we're getting a
permission denied sort of error.
I was considering doing a copy to clipboard sort of thing and make
them
paste it in the other form, but that is very clunky.
Any ideas for a fix or work around?
-
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-
--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
-
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-
-
Annual Sponsor - Figleaf Software http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink http://www.fusionlink.com
-
-
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-
