I have a frameset page that has two frames from different domains, and tried to call(from one frame) javascript function on parent page to change URL on other frame , but received
Permission Denied
I made sure the "Navigate sub-frames across different domains" was enabled for all my zones
The scenario is of two different web servers. The parent frame (html
> page orginates from server 1) has script like
> alert('parent invoked');
> Inside child frame (html orginates from server 2) the html refers to
> parent script like
> parent.x1();
If you somehow manage to get this to work, please report it to browser
developers so they could patch it because it would be a security hole.
Essentially, you're attempting to perform cross-site scripting, basics
of cross-site scripting attack, one of more dangerous ones.
If both pages come from the same
parent domain, and
both of them set he property document.domain to the same parent domain, scripts running in either frame will be allowed to talk to each other. For example, say the page http://www.example.com/ loads the page http://ajax.example.com/ in an iframe. Since both pages are in the domain example.com, if both set document.domain to “example.com” they will be be given the ability to programatically access each other’s data.
Finally I carefully read MSDN
About Cross-Frame Scripting and Security article and understood, that you can SET
window.
location.
href /document.location.href in the DHTML, but you can't call JS function from other Frame, even if it does the same
window.
location.
href assignment.
.