Javascript child windows

I know this isn't a Javascript forum, but I hope any JS coders on here can help me out.  I am launching a child window from the parent window, setting a timeout from the parent, and then I am trying to check the URL of the child window to see if it has redirected (I know it sounds weird, but stay with me on this...).  But if I launch a popup window (with www.google.com as the child URL), and try to check the child location.href, I get a script error saying: permission denied.  It works fine if I launch a child window on the same domain as the parent window, but not if the domains are different.  Here's the code:

queryWindow = window.open( queryVars.url, 'queryWindow' );

function checkChildURL()
{
        // I get a permission denied error on this line!!!
    if ( queryWindow.location.href == queryVars.url )
    {
              // edited out
    }
}

// Loop for the specified number of seconds and then call the checkChildURL function
window.setTimeout( 'checkChildURL()', queryVars.time * 1000 );

Joe
Wednesday, June 30, 2004

It is a security violation if you try to access js code from other domain unless you digitally sign it.  i think IE, check based on domain name while Mozilla check domain name as well as IP address

new_one
Wednesday, June 30, 2004

new_one is correct about the security violations. That is what a lot of the cross-site scripting issues are about, allowing code from a different domain access code on another site. Because by rule of DOM, if you have access to document.location, then you have access to document, which means you have access to everything on the screen.

CF
Thursday, July 1, 2004

OK I understand that, but how would I check if queryWindow is on my same domain?  I can't test it against "undefined" or "null" because it's still a valid variable.  There must be a test I can perform beforehand, right?

Joe
Thursday, July 1, 2004

You might be able to do a try/catch block.

<html>
<head>
    <title>Window Test</title>
    <script language="javascript">
    var theWin;
    function openWin(){
        theWin = window.open('test.cfm','','width=400,height=300,menubar=yes,locationbar=yes,status=yes,scrollbars=yes,resize=yes');
    }
    
    function checkWinURL(){
        try{
              alert(theWin.document.location);
        }catch(e){
            alert(e);
        }
    }
    </script>
</head>

<body>
<form>
    <input type="button" value="Open" onClick="javascript:openWin()"><br/>
    <input type="button" value="Check" onClick="javascript:checkWinURL()">

</form>


</body>
</html>

CF
Thursday, July 1, 2004

Sorry, in that last message it should have been:

    <script language="javascript">
    var theWin;
    function openWin(){
        theWin = window.open('http://www.yourdomain.com/test.html','','width=400,height=300,resize=yes');
    }
    
    function checkWinURL(){
        try{
        alert(theWin.document.location);
        }catch(e){
            alert(e);
        }
    }

    function changeWinURL(){
        theWin.document.location = 'http://www.google.com';
    }
    </script>

<body>
<form>
    <input type="button" value="Open" onClick="javascript:openWin()"><br/>
    <input type="button" value="Change" onClick="javascript:chageWinURL()"><br/>
    <input type="button" value="Check" onClick="javascript:checkWinURL()">

</form>


</body>
</html>

CF
Thursday, July 1, 2004

Or you could attach an onUnload event...

Gary van der Merwe
Thursday, July 1, 2004

How about when you launch a new URL, you open a window to a page on your site that then loads the requested URL into a frame (or iframe)?  That way the new window and the frame containing the new page are still objects within your domain, and you can play with their properties.

Joe
Thursday, July 1, 2004

  Recent Topics

  Fog Creek Home