locked
Cross window scripting RRS feed

  • Question

  •  

    Hej CRM Developers.

     

    I'm currently have a problem regarding cross site scripting.

     

    In CRM I open a window that loads some stuff from a webservice, this page then returns the value to CRM through the following code.

     

    window.opener.crmForm.all.item(streetField).value = streetValue;

    window.opener.crmForm.all.item(streetField).ForceSubmit =  true;

     

    The code works fine as long as the webpage is a virtual folder in the CRM site.

     

    The problem is the customer has several CRM installations and to reduce maintenance we want to place the page on a seperate server that all crm serveres can access. When i do the the above code just stops all Jscript execution on the page and nothing happens.

     

    I'm guessing that it is the IE stopping it to protect the user. But both sites are trusted and in the Intranetzone, so it should be allowed.

     

    Any work arround for this?

     

    Thanks in advance.

     

    Peter Toftager-Larsen

    Senior CRM Consultant

    AlfaPeople A/S

     

    Friday, February 15, 2008 10:52 AM

Answers

  • Hi.

     

    Try passing the window object ( the opener ) to the external window like this.

     

    Code Snippet

     

    var externalWindow = null;

     

    //called from isv.cofig

    function OnExternalPageClick()

    {

         externalWindow = window.open( [url] , [name] , [features] );

         externalWindow.onload = OnExternalPageLoad;

    }

     

    function OnExternalPageLoad()

    {

         externalWindow.opener = window;

    }

     

     

     

    Basically, if the external window does not know nor has permissions to refer to his opener then the opener can

    Fill this object for him.

     

    Try it out and tell me if you need more assistant.

     

    Cheers,

    Adi

     

    Friday, February 15, 2008 1:47 PM

All replies

  • Hi.

     

    Server Solution:

    Create a Virtual directoy Under each crm iis application.

    Point The VD to the remote server witch is hosing your page.

     

    Client Solution:

    Check that the host for the remote page is in the "Trusted sites".

    Check that the IFRAME Disable Cross scripting in the customization is not checked.

     

    if this does not work you can always chenge the direction of the js code.

     

    Code Snippet

     

    var externalWindow = window.open( [url] , [name] , [features] );

         externalWindow.onload = OnExternalPageLoad;

     

    function OnExternalPageLoad()

    {

         externalWindow.document.all.crmForm.all.item(streetField).value = externalWindow.streetValue

         externalWindow.document.all.crmForm.all.item(streetField).ForceSubmit =  true;

    }

     

     

     

    Hope this helps,

    Adi

    Friday, February 15, 2008 12:03 PM
  • Hi Adi.

     

    Thanks for your answer, but that does not quite do it.

     

    Server Solution:

    Could work, but i prefere not to have the VD on alle CRM servers, but if it cannot be done any other way, this might be the solution.

     

    Client Solution:

    The site is already in the trusted sites, but the function does still not work.

     

    Changing direction of the code is unfortunately not a option, due to the fact that there is no fields on the page that can be accessed.

     

    Maby explaining an eksample of the code will clarify the problem:

     

    On a account I fill out the zipcode. I click on custom button wich opens the window. If the window (access a webservce) can find a city matching the zip code, the codesnippet from above is executed and the city is filled out on the crmform.

    If it can't find the city it will list possible cities and when the user clicks on a row, the city the field will be filled out on the CRM form.

     

    When doing this with a IFrame i can just uncheck restrict cross frame scripting, this should be possible for new windows to?!?

     

    I really hope this is possible to work arround, but it might just not be possible in IE.

     

    Thanks in advance.

     

    Peter

    Friday, February 15, 2008 1:14 PM
  • Hi.

     

    Try passing the window object ( the opener ) to the external window like this.

     

    Code Snippet

     

    var externalWindow = null;

     

    //called from isv.cofig

    function OnExternalPageClick()

    {

         externalWindow = window.open( [url] , [name] , [features] );

         externalWindow.onload = OnExternalPageLoad;

    }

     

    function OnExternalPageLoad()

    {

         externalWindow.opener = window;

    }

     

     

     

    Basically, if the external window does not know nor has permissions to refer to his opener then the opener can

    Fill this object for him.

     

    Try it out and tell me if you need more assistant.

     

    Cheers,

    Adi

     

    Friday, February 15, 2008 1:47 PM
  • Hi Adi.

     

    I'll try this during the week and let you know if it worked.

     

    Thanks.

     

    /Peter

    Monday, February 18, 2008 10:22 AM