jump to navigation

Making ajax calls from opener bug in firefox February 21, 2007

Posted by maxmil in : Ajax,javascript , add a comment

I’ve stumbled on a problem using ajax in firefox. I have a popup window that when the user clicks the “Accept” button invokes a method in its opener and closes. Whatsmore the method called in the opener is an ajax call. In the popup the code looks something like this:opener.makeAjaxCall();
close();

The problem with this is that the XMLHttpRequest object that comes back from the call is empty. It turns out that this is a documented bug in firefox (https://bugzilla.mozilla.org/show_bug.cgi?id=317600). The problem is that the request object is incorrectly associated with the popup window rather than its opener.

Fortunately there is a work around for this that involves calling the openers method in a setTimeout. By using a setTimeout the call will be associated to the opener rather than the popup. The resulting code would look like this:opener.setTimeout('makeAjaxCall()', 0);
close();

Subverting Ajax January 13, 2007

Posted by maxmil in : Ajax,javascript,Security , add a comment

Security risks related to Ajax and ways to execute javascript using XSS.

http://www.wisec.it/vulns.php?page=9

http://www.wisec.it/rdr.php?fn=Projects/1158-Subverting_Ajax.pdf

Quooxdoo – Ajax framework and widgets October 11, 2006

Posted by maxmil in : Ajax , add a comment

http://qooxdoo.org/