Very strange JavaScript error - javascript

So all this time I had no problem with this script. But all of sudden today, it began to behave strangely.
So I have a JavaScript page that loads inside an iframe.
This is injected into a page loaded via proxy.
$(top.document).ready(), throws an error saying Permission denied...
I was surprised, so I decided to try load a different page.
Then it was no longer complaining.
I rebooted my computer, and when I first loaded a page via proxy, as the iframe containing JavaScript was injected into that page, I got the same error again.
What is happening? Is this a problem on my server or my computer?

http://en.wikipedia.org/wiki/Same_origin_policy

As the error says, there is a permissions problem and it likely has nothing to do with an error your computer, server, or otherwise, but is a design limitation/security feature of JavaScript.
JavaScript is able to access and/or alter other documents (e.g.: windows) other than its own (the one it is being executed fro) if that document comes from the same host. This is known as the "same origin policy."

Related

Receive then implement .js files from server in a chrome extension

I have a chrome extension that, when clicked, needs to display a modal to the user. For convenience we would like to pull all the necessary code for the modal from a server and then execute the JavaScript in the context of the extension, before displaying anything to the user.
(running a Node.js server)
Is there a way to do this?
If not, any suggestions on alternative routes we could take?
cheers!
Have a read through https://developer.chrome.com/extensions/contentSecurityPolicy
In short - it's possible, but you need to serve the script over HTTPS, or else Chrome will reject the origin. You also need to explicitly write the CSP in the manifest.
"Convenience" is a strange word to use here though. What if the network is flaky or slow?

How do you log to the error console from untrusted Javascript?

In Chromium, 'console.log()' lets you print to the error console, but only from javascript embedded in the html, or in a .js file on the local machine.
What are your workarounds for debugging Javascript that is contained in .js files on a remote machine and included in a page?
Add breakpoints and / or watch expressions.
See http://code.google.com/chrome/devtools/docs/scripts-breakpoints.html
I recently had to do this with a Facebook SDK javascript, hosted by Facebook. I downloaded the script and hosted it locally for debugging. I could then add in all the console.log messages I wanted.
When everything was done I removed the local file and returned to Facebook's hosted script.
Phil's suggestion of breakpoints is also very useful when you want the value of a variable at a specific location in the code.
Another useful technique for code executed upon a user action, such as a button click, is to use the Scripts tab of the Chrome inspector, or FireBug in FF, to edit the javascript prior to execution. I've had limited use for this, but it's quite useful from time to time.
The problem is cross-domain security policy. Only javascript from the domain of the html file can use console.log

How to suppress javascript exception?

In my application i am getting the content of some other domain's page. Along with the content it is running the javascript associated with the particular page. In the javascript code "document.selection.createRange()" is written which is throwing exception at run time in IE (since in IE due to security concern you can't change iframe's data or the reverse).
So my question is how to suppress the exception.
Thanks in advance :)
You can do this in jQuery by using a load with a page fragment.
If .load() is called with a selector expression appended to the URL,
however, the scripts are stripped out prior to the DOM being updated,
and thus are not executed
Be aware though that this will only work if the other domain allows your domain access via CORS http headers.

jQuery load() throws "permission denied" error in IE

I'm loading a page through AJAX with jQuery's load() function. It doesn't work in IE8, giving the "permission denied" error. Using the IE debugger, it seems that when jQuery tries to open up the xhr, ie blocks it.
The problem is, my page has a javascript src that points to bing maps js api (which of course is in a completely different domain than mine). It seems to me that IE tries to grab this js file through a xhr, which then throws the "permission denied" error. Is there a workaround for this?
I can only remember of downloading the bing maps js myself and serving them locally.
I did more test on this. And seems the error was caused by invalid HTML structures on the page. As it is a very complicated page, there are mismatched open <div> or <table> on the page, as when I shorten the page to bare minimum, it works on IE as well. But I don't understand why it was not working when you get to the page first time, and if you refresh the page, it will work after that.
I just had this problem and I posted my solution on this thread:
jQuery AJAX problem in IE7 (possibly other versions as well)
I eventually grabbed a copy of the script and include it myself, so it is in the same domain.
You could include the script tag to the Bing Maps API in the parent document (the one making the jQuery load() call).
Just for the reference:
I experienced this error on Windows 8 with IE 10 inside my WinForms application.
In this application, I'm hosting a WebBrowser control that loads its content from a built-in web server and also communicates via window.external with my host WinForms application.
Enough keyword fishing.
Getting this error
Now what happens to get this jQuery error in my application was:
Browser has successfully loaded an URL.
I programmatically loaded another URL.
Then I immediately opened a child form with Form.ShowDialog.
After closing this form, the jQuery error was shown.
Resolving this error
I resolved the error by postponing the opening of the child form until the application was idle.
I.e. I used a Queue list inside my main form, subscribed to the Application.Idle event and inside this event handler, I processed the queue, one by one.
The new steps now were:
Browser has successfully loaded an URL.
I programmatically loaded another URL.
Put the action to open the child form inside the idle queue.
When the idle queue is processed, it opens the child form.
Then, the error was gone.
I guess, instead of using this idle processing, I also could have waited until the web browser finished its loading by subscribing to the DocumentCompleted event and show the child dialog from there.
Hope this will help someone...

Javascript same origin security issue

I learned the Javascript concept of same source of origin, which means Javascript code could only access the host where it is downloaded from.
My confusion is, I have developed Javascript code, store the code locally into a .js file and call Javascript code from another local html file. When I use IE to open the local html file, I find the Javascript could access any host, like Google and Bing.
Here is my code. My confusion is, seems the Javascript same original security restriction does not apply to locally running Javascript?
Javascript XMLHttpRequest issue
thanks in advance,
George
The same origin policy means that xmlhttp requests can be done to the same domain from which the js is loaded and executed, it is enforced by all browsers, also, if you are developing ajax code, there is no sense in executing it from a different domain from the one you will load the pages.
IE makes some exceptions on the SOP from local files, but these are edge situations and you shouldn't bother with them.
When you say 'access any host' what do you mean?
Do you mean that you receive notification of when your code loads a URL on google, or do you mean you can interrogate the HTML DOM of the page that loads.
I very much doubt you can do the later. I recall from experience doing this (a while ago mind) that receiving notification that a page has loaded should be possible - it's just that you simply can't see or modify anything ON that page.

Categories