I've seen this SO posting about using iframe's and doing postMessage: Metro App and iFrame cookie. I'm trying to do something very similar in Win8 Release Preview with an HTML/JS Metro application, but it seems rather impossible to replicate the behavior in that solution.
I have a simple frame stored in a remote location as:
<!DOCTYPE html>
<html>
<body>
<script>
window.onmessage = function(e) {
alert("Hello world");
debugger;
};
</script>
</body>
</html>
In my default.html I have a div that contains the iframe as follows:
<div id="container">
<iframe id="frame" src="https://dl.dropbox.com/u/75275447/win8Frame.html"></iframe>
</div>
I have an arbitrary button that executes a postMessage on #frame and would in a normal Html site trigger the remote frames onmessage, but instead I can look at the error list in VS and see:
APPHOST9613: The app couldn’t navigate to
https://dl.dropbox.com/u/75275447/win8Frame.html because of this
error: RESOURCE_NOT_FOUND.
I have tried looking into any manifest that might allow me to achieve this and enabled:
Home or Work Networking
Internet (Client & Server)
Internet (Client)
To no avail... I have also tried having a frame (local to the application) loaded into the web contenxt (via ms-wwa-web://) that contains a div that hosts the remote iframe and chain up onmessage to forward a postMessage to the remote iframe, but again I see another error:
APPHOST9624: The app can’t use script to load the
ms-wwa-web://frame.html/ url because the url launches another app.
Only direct user interaction can launch another app.
I'm beginning to think this is an impossible task.
The one piece of information I leave out as I considered it unrelated to this issue was an error found in the javascript console related to using Jquery that I found a solution in another SO post. Clearing up that issue now allows the app to load the remote iframe and I can press the button and see the message reach the remote iframe's javascript (in my case I see alert() being undefined, but I was just trying to prove that I could load and execute remote code).
I guess the moral of the story is clear up related javascript console errors...
Related
Scenario: Our client, Epic, requires all their vendors to run web applications within their own application called "Hyperdrive" - which in turns runs everything within an iframe.
So in essence all of their internal clients access my Angular web app within an iframe running in Hyperdrive.
It's mostly running as expected, except for a few features. One is where we render a PDF file within our own iframe. This gets BLOCKED with a cross-origin error.
Here's the Html markup for the iframe:
<iframe width="100%" height="100%" [src]="secure_url" frameborder="0"><iframe></iframe></iframe>
The weird thing is that it's NOT loading from a separate origin. The domain is the same.
Yet I can't load the contents of my iframe.
Running the Epic tool locally on my box, here is says "SAME ORIGIN" - i.e. devapp01.to...hy.com
I am currently working on an ASP.NET Core application with Razor pages. The API endpoints are hosted in pre-production server. When I get an image link which is stored in the same server as the apis, through api, and want to display it in the razor page the image can't be shown due to ERR_SSL_PROTOCOL_ERROR. When I inspect element and get the src of the image tag and open it in a new tab it will open. Also if I use that source in a html page it still opens. Since the pre-production server does not have ssl certificate configured, is there any chances the PageModel abstract class of the razor page to have any validation on that, since it is working on plain html?
EDIT:
I am providing from the API the image tag as html:
<a href ="http://imagesourceIPExample">
<img src="http://imagesourceIPExample">
</a>
I am getting that string from an ajax request
$.ajax({
//ajax call params,
success: function(data){
$(`#messageDiv`).append(data.message);
}
}).
Now when I inspect the page and click the link in the anchor tag I would open fine. Also if I click it from the view. But the image isn't showing and the console shows that SSL_PROTOCOL_ERROR. And image link is http.
First of all, razor PageModel doesn't validate image loading.
It seems like you are working with secured https site and then when you append plain http image links, browser refuses to load them due to its Mixed Content policy. But when you load image in a separate window it will load just fine because the "mixed content" problem is gone, you load only http resource, no https involved.
Consider converting you image links to https, it should fix the problem.
Consider an Electron application with a GUI like this:
<body>
<div><!-- anything here --></div>
<iframe id="frame" src="document.html"></iframe>
</body>
The iframe element loads a local file from the app's root directory.
When I start the app (npm start), everything works fine. But if I use the "Force Reload" option to see the changes I made without restarting the app, I suddenly bump into a cross origin problem.
The symptoms:
1) The iframe is listening for changes in the app's localStorage.
let frame = document.getElementById("frame");
frame.contentWindow.addEventListener("storage", function(e) {
// do something
});
After "Force Reload", I get the following error: Uncaught DOMException: Blocked a frame with origin "file://" from accessing a cross-origin frame.
2) If I try to access the contentDocument of the iframe, I get null.
console.log(frame.contentDocument); // -> null
The strange thing is, none of these happen when I start the app, only after I reload it.
Any ideas? Am I doing something wrong, or is it a bug in the latest Electron (5.0.7)? I had no problem with older versions, but I don't know if it's an intended change or a bug, or my mistake.
I have a security problem in my website. A script code was added into my all pages like "<script src="Ip address/viewpic.asp"></script>" . It is between </head> and <body> tag. Now Google says "this site may be hartful for your pc!" about my site. How can i secure my website? I use C# and Visual Studio 2008.
You have been hacked. This code that has been added to your site is trying to hack web browsers that visit your site.
This could have happened a number of ways. The easist thing for you to do is to download an anti-virus like AVG and scan any machines with access to the site. There is malware that looks for FTP connections, it grabs the username/password then logs in and modifies files it finds. You should be using SFTP which can be installed under windows, FTP is only used by people who don't know any better or love to get hacked, or both.
The more complex possibility is that there is a vulnerability in your site. This requires a professional (Like me) to track down and fix. Acunetix can help find flaws in your site, but this might not find the vulnerability that was used to break in.
Edit: Assuming that the script is your own and not malicious:
You should not have any code between </head> and <body> - Otherwise you have got a <script> tag as a direct child of <html> which is not allowed.
Put the <script> tag inside <body> at the correct place where you want the script to execute, to correct the structural issue but you need to provide some more information about the exact error messages you are seeing about security as I'm not aware that Google shows error messages within its search listings and I dont have Google Toolbar installed to know what that does; but I don't believe it has typos in it ;)
So please provide more information about the exact security warnings once you've fixed - and validated (with the W3C Validator) - the structure of your HTML.
Edit: If the script is not intended to be there and has appeared outside of your desire:
Have a look in the HTML source where the script is present; and compare to your own ASPX pages to find out where the script is appearing. If it is being rendered by one of your controls you need to examine where the value is coming from. If it is a database, you need to focus your attention on what gets the information into the DB in the first place. If the script is injected and not into one of your controls then you should talk to your ISP I would think.
I am trying to run a simple ASP.Net Web Application/Site on Vista Box. Unable to run any JavaScript when I hit F5. However when I deploy the same to local IIS and call the application using IE8 this application works and the JavaScript executes.
Another observation, when I copy the URL (example: http://localhost:XXXXX/yyy/Default.aspx) to a new tab within the same instance of IE8, this same happens. JavaScript do not run.
But when I browse the same application using another instance of IE8 the application runs well, meaning JavaScript executes properly. where do I set it or override it. Please help
I am suspecting that its something to do with the Instance of VS2008 running on vista home premium, so in all the above failure cases I was running VS2008 as an Administrator.
Please help and let me know how to resolve this. Thanks in advance.
Had the same problem. Settings in IE9 had been modified.
Tools ==> Internet Options ==> Security Tab ==> Intranet icon ==> Custom Level Button ==> almost all the way down to the bottom, Scripting ==> Scritpting of Java Applets ==> Enable radio button.
In my case, it had been switched to Prompt. Stopped Cassini from executing Javascript.
And thank you to Mr. Matthew Ward for pointing it out to me! Almost all of the options are locked out for us, so I have no idea how this changed.
Odd thing is, running against the IIS server on my box, the javascript worked.
Couiple thoughts
1) your instance of IE8 might have JS turned off
2) path issues (as suggested by Jared)
3) the "local path" issue; some browsers block Js that appears to be running from disk (might be a setting in your IE 8 to fix.
My blind guess would be that there is some problem with the path to your javascript files. If you could post the .aspx file that has the javascript that isn't running it would help a lot.
UPDATE: Thanks for the comment with the html, you should consider adding it to your question.
This problem sounds like a timing related issue to me (and your html doesn't seem to have any issues) so here is what I think will help:
1) Move the following code to the bottom of the page.
<script type="text/javascript">
$(function() {
$("#accordion").accordion({ collapsible: true });
});
</script>
2) Don't use relative URLs for your script/css tags. So your <script> tags should look like:
<script src="/Scripts/jQuery/jquery-1.3.2.js" type="text/javascript"></script>
<script src="/ui/ui.core.js" type="text/javascript"></script>
<script src="/ui/ui.accordion.js" type="text/javascript"></script>
3) consider using a minified version of Jquery and the other script files to reduce load times for them. Also, you might want to consider using a CDN hosted version of Jquery (from google, or microsoft).
If none of these suggestions work I would suggest posting the HTML for the entire page into your question.