Understanding 3rd party iframes security? -

-

facebook , others offer little iframe snipplets can put in site. example:

<iframe src="http://www.facebook.com/widgets/like.php?href=http://example.com"         scrolling="no" frameborder="0"         style="border:none; width:450px; height:80px"></iframe>

what i'd know is, if put code inside side, code load page access dom of page? see security isssues if so.

likewise facebook allows me put iframe site, how facebook applications work. mine data off page contains iframe?

note used facebook example here, many companies same thing quesiton not specific facebook in way not tagging such.

also can parent page access dom of iframe?

actually there specific rules of inheritance iframes. apart of same-origin policy, , highly recommend reading entire google browser sec handbook.


Comments

Post a Comment

Popular posts from this blog

windows - Why does Vista not allow creation of shortcuts to "Programs" on a NonAdmin account? Not supposed to install apps from NonAdmin account? -

-
i'm working on installer (using wise installer, older version 1999). i'm creating shortcut in programs group exe. i'm creating shortcut on desktop. if install run admin account, create shortcut on common desktop , common program group (i.e., read hkey_local_machine\explorer\shellfor users). if it's installed nonadmin account, install hkey_current_user's desktop , program group. behavior install on: xp nonadmin - desktop , program shortcuts install ok. vista admin - desktop & program shortcuts install ok. vista non-admin, uac off - desktop shortcut installs, program shortcut not . however, program group folder they're supposed installed does created. at end of install, launch program group has shorcut. launches in of above. can manually drag shortcut folder , works fine. i'm bloody baffled. i've tried installing other commercial apps (opera, foxit, firefox) firefox install under nonadmin (and if select other program files,...
Read more

c++ - How do I get a multi line tooltip in MFC -

-
right now, have tool tip pops when hover on edit box. problem tool tip contains multiple error messages , in 1 long line. need have each error message on own line. error messages contained in cstring new line seperating them. my existing code below. bool ontooltiptext(uint, nmhdr* pnmhdr, lresult* presult) { assert(pnmhdr->code == ttn_needtexta || pnmhdr->code == ttn_needtextw); // need handle both ansi , unicode versions of message tooltiptexta* pttta = (tooltiptexta*)pnmhdr; tooltiptextw* ptttw = (tooltiptextw*)pnmhdr; // tchar szfulltext[256]; cstring strtiptext=_t(""); uint nid = pnmhdr->idfrom; if (pnmhdr->code == ttn_needtexta && (pttta->uflags & ttf_idishwnd) || pnmhdr->code == ttn_needtextw && (ptttw->uflags & ttf_idishwnd)) { // idfrom hwnd of tool nid = ::getdlgctrlid((hwnd)nid); } //m_errprojaccel[ch] contains 1 or more error messages each...
Read more

unit testing - How to mock PreferenceManager in Android? -

-
i've written class using context , third party library , sharedpreferences preferencemanager . it's possible mock context , third party library can mocked using mocking framework, preferencemanager ? i have 2 methods: public void savestring(thirdpartyobject obj) { sharedpreferences apppreferences = preferencemanager.getdefaultsharedpreferences(mcontext); sharedpreferences.editor editor = apppreferences.edit(); editor.putstring(mcontext.getstring( r.string.preferences_string_name), obj.getstring()); editor.commit(); } and corresponding, loads preferences. it doesn't want mock instance of preferencemanager (which used in preferencefragment or preferenceactivity ). you want either: a mock sharedpreferences , in case can mock context#getsharedpreferences (which called preferencemanager#getdefaultsharedpreferences anyhow). you'll have make mock sharedpreferences.editor if preferences edited, above. know how moc...
Read more