jQuery fails to access a local HTML file | SCRIPT70: Permission denied - javascript

I have to implement an existing frameset with JavaScript/jQuery. I´ve embedded the developer version jQuery JavaScript Library v1.9.0.
Every time the right-frame loaded a new HTML-file a function will check the content of this new loaded document. This process will fail sometimes, it´s not possible to understand when (and why) because it occurs randomly.
This is the line which will try to access the frames content:
var Jrightframe = $(iframe.find('frameset#myID frameset frame[name="right"]').get(0).contentWindow.document);
Sometimes, as I said it above, the message will be:
SCRIPT70: permission denied jquery.js, line 3882 character 2
I think it´s a same origin policy problem because I tried this locally (C: partition). But what is the problem to load a file from the partition if the js-script runs on the same partition?
Can somebody please help me to find out what´s going on here?

I searched a long time and found multiple problems like my problem. Ok here is what solved the problem:
Update the jquery core to v1.11.0. It seems only to appear in older versions.

Related

How to avoid '#' sign expansion in `vega#3`

In an HTML script, a call to fetch a package ending in vega#n where n is a version number, is being incorrectly expanded and causing a 404 error. I'm trying to find out why, and to prevent this.
Apologies in advance for the long-winded explanation, but I'm not sure where the problem lies so I'm trying to be as specific as possible.
I'm following the user guide to try and load a vis into a jupyter notebook. This executes the script in-browser, I believe, but for some reason has support for requireJS, which means that global modules aren't correctly loaded when using the import method, which basically uses html's <script> tags to load the module.
This can be worked around by calling define, as described in a similar problem with D3, here: https://github.com/mpld3/mpld3/issues/33#issuecomment-32101013.
I've written this gist to show a working example:
https://gist.github.com/lJoublanc/439e2f687b7aedd6fbdea5adab5cee0f
However, for some reason (either requireJS or something else - my JS knowledge is limited), expands URLs of the form https://cdn.jsdelivr.net/npm/vega#3 into something like https://cdn.jsdelivr.net/npm/vega#3.js?v=20180324103700 which results in a 404 error.
Using the github URL (i.e. without the #3) works fine though.
Any idea if this is requireJS doing this, or the CDN? How would I work around it?

jQuery on MTurk, why does Chrome report "Unsafe JavaScript attempt to access frame with URL"?

I'm doing a couple of things with jQuery in an MTurk HIT, and I'm guessing one of these is the culprit. I have no need to access the surrounding document from the iframe, so if I am, I'd like to know where that's happening and how to stop it!
Otherwise, MTurk may be doing something incorrect (they use the 5-character token & to separate URL arguments in the iframe URL, for example, so they DEFINITELY do incorrect things).
Here are the snippets that might be causing the problem. All of this is from within an iframe that's embedded in the MTurk HIT** (and related) page(s):
I'm embedding my JS in a $(window).load(). As I understand it, I need to use this instead of $(document).ready() because the latter won't wait for my iframe to load. Please correct me if I'm wrong.
I'm also running a RegExp.exec on window.location.href to extract the workerId.
I apologize in advance if this is a duplicate. Indeed - after writing this, SO seems to have a made a good guess at this: Debugging "unsafe javascript attempt to access frame with URL ... ". I'll answer this question if I figure it out before you do.
It'd be great to get a good high-level reference on where to learn about this kind of thing. It doesn't fit naturally into any topic that I know - maybe learn about cross-site scripting so I can avoid it?
** If you don't know, an MTurk HIT is the unit of work for folks doing tasks on MTurk. You can see what they look like pretty quick if you navigate to http://mturk.com and view a HIT.
I've traced the code to the following chunk run within jquery from the inject.js file:
try {
isHiddenIFrame = !isTopWindow && window.frameElement && window.frameElement.style.display === "none";
} catch(e) {}
I had a similar issue running jQuery in MechanicalTurk through Chrome.
The solution for me was to download the jQuery JS files I wanted, then upload them to the secure amazon S3 service.
Then, in my HIT, I called the .js files at their new home at https://s3.amazonaws.com.
Tips on how to make code 'secure' by chrome's standards are here:
http://developer.chrome.com/extensions/contentSecurityPolicy.html
This isn't a direct answer to your question, but our lab has been successful at circumventing (read hack) this problem by asking workers click on a button inside the iframe that opens a separate pop-up window. Within the pop-up window, you're free to use jQuery and any other standard JS resources you want without triggering any of AMT's security alarms. This method has the added benefit of allowing workers to view your task in a full-sized browser window instead of AMT's tiny embedded iframes.

Multiple Different Javascript Errors Can't Duplicate

I am using a window.onerror=function(msg, url, linenumber) to send myself an email when a javascript error occurs. When I use my webpages (IE, FF, CHRM, ect) I do not receive any errors. However I am getting all kinds of errors emailed to me from other users that I cannot duplicate. I am probably getting an error happening on 1% of the users visiting the website so 1/100 page loads I get an error. Here are some:
Syntax error: http://www.google-analytics.com/ga.js
Error loading script: http://www.google-analytics.com/ga.js
Error loading script: https://seal.thawte.com/getthawteseal?host_name=XXX&size=M&lang=en
$("input.datepicker").datepicker is not a function
Uncaught SyntaxError: Unexpected token
Object doesn't support this property or method
Uncaught TypeError: Object [object Object] has no method 'dialog'
Syntax error: http://seal-cencal.bbb.org/logo/XXX
Error: Permission denied to access property 'toString'
What I don't understand is the website 99% of the time is running without any errors and I can't seem to get an error to happen for me on any browser I use. I am also tracking what browsers the users are using who send these errors and it's random, all sorts of browsers and they are all newer FF, IE versions mainly.
How do you stop syntax errors on external code (but they work most of the time)...?
How come google and thawte scripts fail to load some people so often but never happens to me, is there a way to have a fallback to this?
The datepicker one, I can only assume its error out because jquery UI failed to load because jquery loads (otherwise it wouldn't get called inside a document ready call) but I even have a localhost jquery UI script fallback include and it still happens..
Does anyone have a suggestion for me to help me further debug/fix these problems. The thing is, the website gets a lot of hits I am getting about 1 error emailed to me every minute (and it's not the same user causing each error). If you have any suggestions let me know (remember the code and website work fine 99% of the time so I don't think its a syntax problem on my end anywhere).
Thanks for your time.
How do you stop syntax errors on external code (but they work most of the time)...?
You can't really. Without a more detailed message investigation is quite impossible. Notice that sysntax errors might be caused by something else as well, their origin might not be in the external script. I doubt Google Analyticts serves invalid scripts.
How come google and thawte scripts fail to load some people so often but never happens to me
They might use adblockers or similiar against those. Not everyone wants his web usage logged by google. Also, some proxies might ignore/block them, like intranet firewalls.
is there a way to have a fallback to this?
You could try serving them from your own domain as a proxy. Or just ignore them, I don't think your app really needs a fallback for those.
The datepicker one, I can only assume its error out because jquery UI failed to load as jquery still loads
Yes, that sounds likely. Or it just didn't load before it was called.
but I even have a localhost jquery UI script fallback include and it still happens..
Localhost? I guess you mean a copy on your server. Still, it depends on the details how the script and its fallback version are loaded.
Does anyone have a suggestion for me to help me further debug/fix these problems.
A stack trace would help a lot to locate the user's action that caused the error.
Most of the errors on the list are caused by errors in browser extensions.
If you really want to log JavaScript errors, it is best you also log the stack trace if available. I also log details about functions that execute and the arguments sent to it. When the error is caught I cut X amount of stuff from the stack I built and send that up as well.

Hashtag URL rewrite / DOM manipulation causing JS misfire

I'm using the ever-popular Fancybox (http://fancybox.net) as a lightbox plugin, but for some reason it's throwing an Uncaught TypeError: Object [object Object] has no method 'fancybox' error and failing to execute.
By ripping out my AJAX / jQuery DOM rewrite script I've confirmed that it is the appending of the hash http://myurl.com/!#/ that is causing the Fancybox script to misfire in it's targeting, giving a null response on the script.
The details of the AJAX content fetching aren't that important, the point is that it is causing some aspect of Fancybox to not execute correctly (a dependency on the root URL in the main of the plugin code). How can I rewrite the plugin to find the correct root URL and ignore the hash rewrite?
Here is a pastebin of the Fancybox code I need to re-write regarding DOM targeting: http://pastebin.com/s9FjCiai
You can see the in-development site live in my development sandbox here: http://dreamstartest.net
The JS resources are definitely being loaded according to Chrome Developer Tools... any other ideas for debugging?
EDIT Opened this as an issue on Github, but like I said in the comment below, the developer looks to be swamped and I'm on a deadline, if anyone is able to find offending lines that might cause problems with the URL hash rewrite I would be eternally grateful!
Turns out that the recently released Fancybox v2 addresses this issue. Download it here: https://github.com/fancyapps/fancyBox

Why the copied HTML doesn't look like the original HTML?

I copied the generated source code (View Source -> View Generated Source in the Firefox Web Developer Toolbar) of Google's Keyword Tool page to a new HTML file.
But, when I open this new file, some of the items looks stretched for some reason:
The original website looks like this:
I guess that Google create some elements and set various attributes using Javascript, but I copied the page after it has been generated. So, why is this difference?
UPDATE 1
The only JS/CSS file, which is not given as a full path, is:
<script language="javascript" src="/cues/cues.js">
I tried replace this with:
<script language="javascript">
Contents of '/cues/cues.js' here
</script>
but it didn't help.
UPDATE 2
In the browser's error console I found the following 2 errors:
Error: com_google_ads_apps_servers_cues_CuesRelease is not defined
Source File: https://adwords.google.com/cues/768DAEDDB2193AB5B05B9C6A01394D78.cache.js
Line: 1
Error: com_google_ads_apps_targetingideas_client_TargetingIdeas is not defined
Source File: https://adwords.google.com/o/Targeting/756D6AF3BB4DD4A68315E34F50C2BC7E.cache.js
Line: 1
Any ideas why these errors appear?
UPDATE 3
Apparently, the reason is that the DOCTYPE declaration is missing. After I added <!DOCTYPE html> to the stretched version, it solved the problem. Can anyone explain why?
When you save a page, you only get the version of HTML served from the server in its original form. Any mods to the DOM made after load using JS will not be part of the save.
EDIT
I could not trace out the exact reason for the error as the code is really cryptic! In any case, if all you want is to be able to reproduce the exact page offline, then you can do a 'save page as..' from your browser (choose web page, complete). I tried this with FF as well as Chrome and it is working fine in both cases. While opening the saved page, it might be best not to use IE as its a certified choker when it comes to even the slightest error in code. :)
The most likely reason for the error is an cross-domain AJAX security exception (fired when the calling client side script and called server side script are from different domains). The 2 variables namely, com_google_ads_apps_servers_cues_CuesRelease and com_google_ads_apps_targetingideas_client_TargetingIdeas seems to be initialized using the return of some AJAX call (which couldn't execute bcoz of the secu excep), and as a result remain as undefined.
You must be missing some css and js which is not on the page but referred from somewhere else.
The most probable reason is that the CSS and the corresponding images that might be referred within it are not getting applied correctly.
Check the paths of the CSS and for the images (background) within the CSS...You might need to correct the paths to fix the issue.

Categories