Display URL of FRAME2 in FRAME1

Forum Moderators: open

Message Too Old, No Replies

Display URL of FRAME2 in FRAME1

How to retrieve URL of external page

majjk

9:03 pm on Sep 2, 2004 (gmt 0)

Hi,
I'm having a page consisting of a frameset loading a local page as FRAME1 and loading an external page, whatever.com/greatpage.htm, as FRAME2. I would like to display the URL of FRAME2 (i.e. whatever.com/greatpage.htm) in FRAME1 by clicking a button or whatever.

The problem is - how do I get hold of this URL? I've been doing some research on this and the only thing I've found so far is a couple of people suggesting it's impossible because it's a security risk. I'm certainly no expert on this, but I just fail to see how it can be some kind of security issue.

Anyone got some ideas on this? I'd prefer to see my problem solved, but in case it's impossible, could maybe someone try to explain to me what this security risk is.

Regards

majjk

StupidScript

10:27 pm on Sep 2, 2004 (gmt 0)

Easy:

So the visitor loads your frameset, which has your page with who-knows-what kind of snooping code in it, and the login page for another site in the lower frame.

The visitor types in their UID and password and hits the "Login" button.

The lower frame redirects to:

[login.somesite.com...]

If the page in the top frame were allowed to "see" the URLs moving through the lower frame, you could capture all sorts of data which may or may not be sensitive. At the very least you could track where they went after your frameset, and make some assumptions or sell the accumulated data or whatever.

If the domain is not YOUR domain, you have no right to see what is going on in there.

majjk

9:33 pm on Sep 14, 2004 (gmt 0)

Yeahh... I see the problem here.

Thanks