Linux Today: Linux News On Internet Time.

What is JavaScript? The Javascript Chronicles

Jan 28, 2009, 09:04 (0 Talkback[s])
(Other stories by Thomas Valentine)

"The Problem with Frames
When the first instances of frames were implemented on the Internet, it took all of two months for the first major security holes to open up and be recognized by the hacking community. To understand how frames were used to present a security hole is to first understand frames themselves.

"The way a web page renders frames is as follows:
A page with instructions for the frames to be rendered is loaded.
The addresses and particulars of how the frames will be rendered such as border properties and the placement of the frames themselves is given to the browser.
The documents that will be used to display the content of the frames are then loaded into the given frames.
The page is then rendered (displayed) to the browser window.

"Within this procedure is the ability to load and execute web pages from other servers on other domains. The JavaScript variables from one domain are available for examination and modification to the web pages from the other domains that are used within the other frames that make up the page. The first strategy to combat this problem was the Same Origin Policy, which was taken up by Netscape Navigator, Internet Explorer and Opera."

Complete Story

Related Stories: