Skip to main content

Problem with jMaki and frames.

1 reply [Last post]
Joined: 2005-07-07

I have a project in which uses the Yahoo! DataTable. As part of this application, I am loading up an iFrame with an application from the same server, but different context within Tomcat and also a different protocol (https instead of http). This application that is being loaded into the iFrame also contains jMaki widgets. When this application loads it throws an error, because it does not have permission to talk to the "parent" window. Both applications work correctly when they are together. I know the security issue I am hitting (link posted below). However, in order to work around this, I will have to change the jMaki source code to not check the "parent" window for the jMaki instance. Please consider allow some sort of flag or something to not load from the parent source and use the local source.

Blow up section:
if (window !={
var bu = true;
if (isDefined(bubbleUp)) bu = bubbleUp;
// This blows up with permission denied.
// I really would like to bypass this code or just publish to local scope.
if (bu && window.parent.jmaki){
window.parent.jmaki.publish("/global" + name, args, false, true);

link to security:

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2003-07-31

Hi Bakarium,

We changes this functionality in jMaki version 1.8 which we will be pushing out for a general release this week.

We will only publish messages to frames created in same domain by jMaki.

In the future only dcontainers (jMaki created frame container) will get the events when it publishes to children as well.

Normal users should not see a difference other than there should no longer be these types of security warnings.