
Javascript security problem


pcurran


I am having a JavaScript problem that appears to be a security issue. However, I do not know enough about JavaScript security issues to resolve it. Can someone explain the problem to me, and perhaps a workaround?

I am loading an HTML. The first line of the onload function is

top.Xx = new Object();

(I am pretty sure it is this line that is failing, or perhaps the next one that assigns a value to a property of this object.)

This works fine when I load the code and HTML from local files. However, when I load them from a server, I get the error message (Firefox V2.1):

Error: uncaught exception: Permission denied to get property Window.Xx

(Why this has a capital "W" in Window, I don't know, but I presume it refers to the global object "window," which is equivalent to "top".)

Can anyone tell me what the problem here is? Thanks for any assistance.


I don't think that this is the particular line that's failing. Creating a new attribute for an existing object (Window or Top) and giving it a value isn't necessarily illegal:

<html>
<head>
<title>Security test</title>
<script type="text/javascript">
function doOnload() {
	top.newProperty = new Object();
}
</script>
</head>
<body onload="doOnload()">
This tests adding a property to an existing object, top.
</body>
</html>

The "Uncaught exception" means you tried to do something that's illegal for a browser to do. There aren't many things that will do that. One of the most common is trying to access anything in another window where the location isn't on the same domain.

The problem might be easier to solve if you post your code.

That being said, you can use a try/catch block to catch the error, then deal with it accordingly.

You can see a w3schools.com example here.

Let me know how that works out.


Thanks. I reduced my onload function to the one line I posted, and it failed.

I think the problem relates to the "server of origin" security constraints. I am only using one server, but different subdomains in a way that seems to be illegal - I don't fully understand the constraints involved. I have tried a few workarounds without success, but I think I am getting closer.
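The same-origin rule this thread arrives at, as an added example that is not any poster's code: it compares origins for http(s) URLs and applies the try/catch guard suggested above. It runs under Node.js; the example.com host names are constructed, and `simulateTop` and `trySetOnTop` are hypothetical helpers, with a Proxy standing in for the browser's cross-origin `top`.

```javascript
// Added example. simulateTop() is a stand-in for the browser's cross-origin
// window wrapper, not a real DOM API. Host names are constructed.

// An origin is the (scheme, host, port) tuple. URL.origin serializes it and
// drops default ports, so http://x and http://x:80 compare equal.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Simulated `top` as seen from a frame: property reads and writes throw when
// the frame and the top-level page have different origins.
function simulateTop(frameUrl, topUrl) {
  const deny = (op, prop) => {
    throw new Error(`Permission denied to ${op} property Window.${String(prop)}`);
  };
  const allowed = sameOrigin(frameUrl, topUrl);
  return new Proxy({}, {
    get(target, prop) { return allowed ? target[prop] : deny('get', prop); },
    set(target, prop, value) {
      if (!allowed) deny('set', prop);
      target[prop] = value;
      return true;
    },
  });
}

// The try/catch guard suggested in the thread: attempt the write and report
// the failure instead of letting the exception go uncaught.
function trySetOnTop(topRef, name, value) {
  try {
    topRef[name] = value;
    return { ok: true, error: null };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed URLs: one server, several ways of reaching it.
const TOP_PAGE = 'http://www.example.com/index.html';
const cases = [
  'http://www.example.com/frame.html',      // same origin
  'http://www.example.com:80/frame.html',   // default port, still same origin
  'http://app.example.com/frame.html',      // other subdomain
  'https://www.example.com/frame.html',     // other scheme
  'http://www.example.com:8080/frame.html', // other port
];
for (const frameUrl of cases) {
  const result = trySetOnTop(simulateTop(frameUrl, TOP_PAGE), 'Xx', {});
  console.log(frameUrl, result.ok ? 'write allowed' : result.error);
}
```

Only the first two frames may write to `top`; a different subdomain, scheme or port is a different origin even when everything is served by one machine.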
