Thanks in advance --
I have a page that has 1 iframe. From the parent page I am sending JavaScript commands to the iframe - which works fine using, e.g.,
Is the above code a concern re: security issues? I know sending java between 2 iframes on the same page runs into domain security issues which I can't afford to risk (my project is to be uploaded on a server in England which I am unfamiliar with but could contact their IT people if needed).
Would it be best to not take a chance and eliminate iframes altogether? My guess is that since the javascript will be transferred from the parent to the child iframe that this shouldn't be too much of a cause for concern but maybe it is.
To add a few more details here is what I am doing. I have a Jmol molecular applet in the child iframe. This applet works best that way and doesn't interfere with formatting, etc on the parent page - so I'd rather go this route - however, if this approach could be a security risk I'd rather tackle other issues.
For completeness, the receiving function embedded within the iframe htm is as follows:
By tracking the value I can turn the molecular spin on or off. So no problems, works like a charm - though I am leary of potential security issues at the server level.
I have a page that has 1 iframe. From the parent page I am sending JavaScript commands to the iframe - which works fine using, e.g.,
Code:
<input name="chkS" id="chkS" type="checkbox" value="0" onclick="javascript:parent.jframe.spin();"/>SpinIs the above code a concern re: security issues? I know sending java between 2 iframes on the same page runs into domain security issues which I can't afford to risk (my project is to be uploaded on a server in England which I am unfamiliar with but could contact their IT people if needed).
Would it be best to not take a chance and eliminate iframes altogether? My guess is that since the javascript will be transferred from the parent to the child iframe that this shouldn't be too much of a cause for concern but maybe it is.
To add a few more details here is what I am doing. I have a Jmol molecular applet in the child iframe. This applet works best that way and doesn't interfere with formatting, etc on the parent page - so I'd rather go this route - however, if this approach could be a security risk I'd rather tackle other issues.
For completeness, the receiving function embedded within the iframe htm is as follows:
Code:
function spin(){
var int = document.getElementById('txtspin').value;
if (int==0){
document.getElementById('txtspin').value = 1;
jmolScript('spin off');
}else{
jmolScript('spin on');
document.getElementById('txtspin').value = 0;
}
}By tracking the value I can turn the molecular spin on or off. So no problems, works like a charm - though I am leary of potential security issues at the server level.