RE: MS Security update 891781 - Microsoft Security Bulletin MS05-0
From: Grover (Grover_at_discussions.microsoft.com)
Date: 03/03/05
- Next message: lee: "IPSEC SA is torn down ..."
- Previous message: Steve D: "RE: MS Security update 891781 - Microsoft Security Bulletin MS05-013"
- In reply to: Steve D: "RE: MS Security update 891781 - Microsoft Security Bulletin MS05-013"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Mar 2005 04:33:02 -0800
There is virtually no documentation on this from Microsoft, (only consumer
info, and not technical)- All of microsoft's documentation say that if you
change both pages to a second-level domain for the document.domain, then it
should function. There is one exception, which was another past security
update that stated the showModalWindow and dialogArguments needed to be in a
local variable and then change the document.domain, before passing. I was
able to workaround some of this by creating a local variable with a pointer
to the other object in the other domain (my second-level one), however, the
new MS "fix" seems to break that, as I get null objects back then. -No access
denied, no Permission denied, just Null objects. This was the same code as I
had working for a year.
Instead, what I have done is simply avoided the issue... I have taken any
cross-domain functionality that used to be in the dialog box page I created,
and moved it to it's calling page, that could deal with cross-domains. So, I
set the returnValue of the dialog page to an object with properties that I
wanted passed back for example, and do my code work there on the page after I
called showModalWindow(). I know it's not as pretty, but it's a workaround,
and it seems to work... well, almost...
now, randomly, it seems when I update the DOM object, when in the second
level domain, the calling page doesn't pass its updated contents(from a form)
from time to time. I am going to try again updating it using the
3rdlevel.2ndlvlDomain.com when the form is submitted, so maybe that will give
back the callingpage the rights to see it and pass it on. Like I said, it
seems to be a random thing, there's no consistency to when it happens. But,
for the most part, it's a workaround.
If you recall the code I had before from a past post, this is basically what
i've done to make that work...
> > document.domain = 'mydomain.com';
> > // code here
> > document.domain='myserver.mydoomain.com';
> > showModalDialog(calledPage, window, "dialogWidth:" + width +
> > "px;dialogHeight:" + height + "px;help:no;scroll:no;status:no");
document.domain = 'mydomain.com';
var oDOM = dialogArguments.objContent.DOM;
//get all of my properties from oDOM for dialog
var properties = new Object();
properties.value1=oDOM.whateverValueINeedInDialog;
properties.value2=oDOM.whateverValueINeedInDialog;
document.domain='myserver.mydoomain.com';
var returnValue = showModalDialog(calledPage, window, "dialogWidth:" + width
+ "px;dialogHeight:" + height + "px;help:no;scroll:no;status:no");
if (returnValue ) {
// Put code that takes returnValue and processes what I need done.
}
in dialog page:
var properties = new Object();
properties.value1 = txtForm1.value;
properties.value2 = txtForm2.value;
window.returnValue = properties;
window.close();
Good luck....
- Next message: lee: "IPSEC SA is torn down ..."
- Previous message: Steve D: "RE: MS Security update 891781 - Microsoft Security Bulletin MS05-013"
- In reply to: Steve D: "RE: MS Security update 891781 - Microsoft Security Bulletin MS05-013"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
