Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
entermix2015-05-17 20:25:46
JavaScript
entermix, 2015-05-17 20:25:46

Why is the access denied?

TinyMCE + Elfinder is installed on the site

Elfinder is loaded in a frame, after downloading the desired file, a link to it is inserted into the editor in this way:

// pass selected file path to TinyMCE
parent.tinymce.activeEditor.windowManager.getParams().setUrl(file.url);

// close popup window
parent.tinymce.activeEditor.windowManager.close();


Everything works fine, but the site needed to install Dklab_Realplexor :

<script type="text/javascript" src="http://rpl.mydomain.com/?identifier=SCRIPT&<?=time()?>"></script>
<script type="text/javascript">
    $(function () {
        var realplexor = new Dklab_Realplexor('http://rpl.mydomain.com/', 'test_');
        realplexor.subscribe("Alpha", function(data) { alert("Alpha: " + data) });
        realplexor.execute();

    });
</script>


As soon as the Dklab_Realplexor connection is started, when adding a link to tinyMCE, this error:

Error: Permission denied to access property "tinymce"
parent.tinymce.activeEditor.windowManager.getParams().setUrl(file.url);

Those. For some reason, there is no access to the parent element. Why is there such a conflict? How can I fix it?

I understand that Dklab_Realplexor (judging by this script ), creates its own invisible frame, is this the reason?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
C
Coderast, 2015-05-17
@Coderast

Those. for some reason I can't access the parent element

Because there is no permission to access the parent element.

Report
A
Andrey Dyrkov, 2015-05-17
@VIKINGVyksa

The sandbox attribute may contain a space-separated list of restrictions that are not needed:
allow-same-origin
A browser may not consider a document in an iframe to be from another domain. If the iframe is already from another domain, then nothing changes.
allow-top-navigation
Allows the iframe to change parent.location.
allow-forms
Allows submitting forms from an iframe.
allow-scripts
Allows the execution of scripts from the iframe. But scripts, nevertheless, will be forbidden to open popups.
The purpose of the sandbox attribute is to impose additional restrictions. It cannot remove existing ones, in particular, remove security restrictions if the iframe is from another source.

<iframe src="URL" sandbox="allow-same-origin || allow-top-navigation || allow-forms || allow-scripts"></iframe>

Similar questions
A
Alexander Kovalchuk2015-07-16 15:06:31
How to set a template for numbers in Angular? 3Reply
E
Evgeniy V.2017-07-05 08:34:19
Problems with the feedback form, how to fix it? 7Reply
Z
Zibaguga2019-12-04 08:52:22
Is it possible to export only rows edited/added on a certain date from Google Sheets? 2Reply
D
Dmitry Vyatkin2015-07-31 06:21:55
How to turn list values ​​into querystring in Django? 3Reply
N
Nikolay Semenov2017-07-11 14:10:11
How to upload photos to the site through a webcam? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question