Home arrow static arrow Java Programming [Archive] - Problem with latest IE update
Warning: Creating default object from empty value in /www/htdocs/w008deb8/wiki/components/com_staticxt/staticxt.php on line 51
Java Programming [Archive] - Problem with latest IE update
This topic has 6 replies on 1 page.

Posts:2
Registered: 3/31/04
Problem with latest IE update  
Aug 3, 2004 9:16 AM



 
Hello to all ...

Yesterday, before I made the latest update for internet explorer KB867801 I have an applet that makes a request like this:

getAppletContext().showDocument(new URL(javascript:appletSizedWindow("/APP",621,518)));

It just open another applet in a new window.
Until I made the update this request works fine, it opens a javascript function, but now it don't. I tried to remove the update and it works again. Someone with the same problem or with any solution.

Thanks to all ...
 

Posts:19,725
Registered: 9/26/01
Re: Problem with latest IE update  
Aug 3, 2004 10:03 AM (reply 1 of 6)



 
Sounds like the hotfix addressed a security violation. Your applet should not be able to navigate to a different URL (host) other than the one from which the applet came. The URL "javascript:yadayadayada" wouldn't be from whence the applet came. Just a guess.
 

Posts:19
Registered: 8/3/04
Re: Problem with latest IE update  
Aug 3, 2004 11:50 AM (reply 2 of 6)



 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0549

This mentions some info about the vunerability, perhaps this is the problem?
 

Posts:4,500
Registered: 17.04.98
Re: Problem with latest IE update  
Aug 4, 2004 12:08 AM (reply 3 of 6)



 
http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx is probably what you need to look at.
 

Posts:14,142
Registered: 99-04-02
Re: Problem with latest IE update  
Aug 4, 2004 7:33 AM (reply 4 of 6)



 
Sounds like the hotfix addressed a security violation.
Your applet should not be able to navigate to a
different URL (host) other than the one from which the
applet came. The URL "javascript:yadayadayada"
wouldn't be from whence the applet came. Just a guess.

That's not quite right. The applet cannot connect to a server other then the one that served it (without being signed or changing the policy file). But showDocument() is not limited by that requirement, as it's not the applet opening anything. It's used to tell the browser "go here", just like clicking a link on the page would.

There should be no security issues here, unless it's specific to disallowing calling Javascript URLs for some reason.
 

Posts:14,142
Registered: 99-04-02
Re: Problem with latest IE update  
Aug 4, 2004 7:38 AM (reply 5 of 6)



 
I should say that showDocument() should not (was not meant to) have such restrictions imposed on it. Of course, the browser could possible reject Javascript URLs, I suppose. But this shouldn't have a problem either. Based on the standard Javascript security restrictions, the scripts cannot cross domains. So if the Javascript URL doesn't cross domains, it shouldn't be a problem.
 

Posts:2
Registered: 3/31/04
Re: Problem with latest IE update  
Aug 4, 2004 8:01 AM (reply 6 of 6)



 
Hello to all ... Thanks for your help in this subject. I resolved this issue using the JSObject and then calling the javascript function in the call method

JSObject window = JSObject.getWindow(applet);
window.call("javascript method", "methos args");

Thanks to all
 
This topic has 6 replies on 1 page.