Is it possible for a signed Java Applet or Web Start app to write 开发者_StackOverflowto the DOM of an IFRAME under a different domain?
Does the fact that they're a signed applet/javaws allow them to ignore browsers' standard cross-browser security?
If this does work, how well is it supported across the major browsers?
Thanks!
EDIT:
My motivation is to add a browser plugin-like tool to third-party websites I don't control. It's not required that I use Java at all---any ideas or suggestions are encouraged.
No, Java, even signed Java applets, do not give JavaScript powers.
Java is not JavaScript, so Applets have no deals with IFrame transport. Applet run in JVM (e.g. Sun), JavaScript in browser JSEngine (Gecko)
So, forget about applets. If you think about browser plugin, take a look on FireBug, if you want crossbrowsing scripting, try javascript tag transport.
Applet manipulation of the DOM is done through LiveConnect, so I guess the browser JavaScript security should be in place and prevent you. You could, of course, hack around it. I don't know off hand how to go about that.
As ever, I suggest not signing code unless you really, really know what you are doing.
BTW Java Applets are able to communicate to javascript and vive versa.
Check out http://www.rgagnon.com/howto.html
JAVA APPLET:
import java.applet.*;
import java.net.*;
public class InJava4 extends Applet{
public void init(){
String msg = "Hello from Java (using javascript alert)";
try {
getAppletContext().showDocument
(new URL("javascript:doAlert(\"" + msg +"\")"));
}
catch (MalformedURLException me) { }
}
}
Javascript and HTML
<HTML><HEAD></HEAD><BODY>
<SCRIPT>
function doAlert(s) {
alert(s);
}
</SCRIPT>
<APPLET CODE="InJava4.class"
NAME="myApplet" MAYSCRIPT
HEIGHT=10 WIDTH=10>
</APPLET>
</BODY>
</HTML>
精彩评论