document.location in IE

[Brian W]

I'm writing an Facebook app and ran into an interesting problem. I'm using the iFrame option. I'm using a button with a onClick event to change the document.location with in FF works fine, but in IE it takes them away from facebook directly to the page on my server. I didn't expect Facebook would allow for something like this, but I can direct them away from Facebook entirely! First this shakes my trust in any Facebook application in the future as well as IE (just begging for phishing problems!).

Any ways, I want to know how to get just the iFrame's location to change as in how FF does it.

[ngreenwood6]

Im not quite sure what you are trying to do because that was a little vague, but couldnt you change the iframes source?

[Brian W]

Hmm, thought I had provided enough information.

Facebook allows you to pick between their markup language or use an I frame when developing an Application for Facebook users.

I chose to do an iFrame so I could use JS and not worry about learning there language. I've encountered a problem now with navigation in IE(8 + 8 compatibility mode) because I'm using document.location='pageToGoTo' to move the end user to a new page. Problem, in FF(3) the the iFrame's src changes which is how I intended it to work... in IE it takes the user away from Facebook to my website.

I could change the iFrame src if that is a possible solution, but how do I do that from within the iFrame?

 

Not important to my problem perse, but doesn't allowing the app to move a user away from Facebook un-knowingly a security hole for the user. Imagine an app that would at some random point move the user to a Facebook clone page that came up with the classic,well known message saying you needed to log in again. Viola, phished. I'm not sure how many users actually ever look at their url when they are prompted for private data... but I know it is a small percentage.

[KevinM1]

Have you tried something like

 

myFrame.src = "newpage";

 

??

 

Also, you should report your security concern with Facebook.

[ngreenwood6]

we are pretty much back to my original post to change the iframes source. you can try what nightslyr said or if you are using jquery it is something like this:

 

$("iframe").attr("src","newurl.html");

[Brian W]

I got the frame's id and tried to call it like this:

top.frames['theId'].location = 'thepage'

FF doesn't respond to it, IE acts like I simply said window.location.

I also tried:

top.frames['theId'].src = 'thepage'

and

theId.location = 'thepage'

 

I tried several more things, then I tried using the frame's name with top like:

top.iframe_canvas.location

which to me I think so far is the most promising but IE still treats it the same as window.location as well as FF (which is okay, FF functions as it should not surprisingly)

 

Thanks so far for everyone's input. Anymore ideas?

[ngreenwood6]

did you try:

 

theId.src = 'location';

[Brian W]

Yep  :'(

[ngreenwood6]

is there a url that i can see?

[Brian W]

http://apps.facebook.com/mylibsgame/

[KevinM1]

Try:

 

document.frames['frameName'].src = 'newURL';

 

Where frameName is the name (NOT id) of your iframe.

 

Similarly, obtain a reference to it with getElementById() and modify the src attribute through that.

[ngreenwood6]

you can try what nightslyr suggest or another not so nice solution would be to put an iframe inside of your iframe. you can then control that iframe inside of the page that you are creating.

[Brian W]

top.document.iframe_canvas.src = 'newLib.php'

This has been the most promising... IE tells me Access is denied. This is some really messed up stuff.

I sent Facebook's security team a message, but I doubt I'll get a response.