[webkit-dev] Disable Javascript security warnings?

Adam Barth abarth at webkit.org
Mon Sep 12 19:33:41 PDT 2011


There is a setting to disable security.  I'm not sure whether it is exposed
in the API you're using.

Adam
 On Sep 12, 2011 7:13 PM, "Devara, Kavitha" <kdevara at quicinc.com> wrote:
>
> From your javascript, perhaps you can set the "referring URL" in the HTTP
Headers of the request( to get IFrames) to " http://www.google.com",
> or whichever URL you are requesting the frames for? You will have to
create your own XHR object for the HTTP Request.
>
> Thanks,
> -Kavitha
>
> From: webkit-dev-bounces at lists.webkit.org [mailto:
webkit-dev-bounces at lists.webkit.org] On Behalf Of Rob Crowell
> Sent: Monday, September 12, 2011 6:42 PM
> To: webkit-dev at lists.webkit.org
> Subject: [webkit-dev] Disable Javascript security warnings?
>
> Hey all,
>
> I'm working on a web scraper that embeds WebKit directly (via pyWebKitGTK
if it matters, though I don't think my question is specific to that
library). I'm trying to extract image metadata (domains, dimensions,
location on the page, etc) from a page, including any iframes that are
embedded there.
>
> Because WebKit already knows everything about the data I want (image
dimensions, position on page), I'm extracting content by executing
javascript via the webkit_web_view_execute_script call described here:
http://webkitgtk.org/reference/webkitgtk-webkitwebview.html#webkit-web-view-execute-script
>
> My javascript works when the iframes are on the same domain, but fails
(obviously) when they're not. How can I disable the "Unsafe JavaScript
attempt to access frame with URL http://www.google.com/ from frame with URL
http://10.0.0.50/js_test.html. Domains, protocols and ports must match."
error message?
>
> I've come across the WebKitSecurityOrigin object and I've been able to
extract the host/port/protocol of my current page, but I haven't found a way
to spoof this mechanism...
>
> I know too that Chrome has the --disable-web-security flag, but I can't
quite put my finger on what I need to do to replicate this functionality
when working with WebKit directly.
>
> Can anyone offer a pointer or suggestion?
>
> Thanks so much!
>
> --Rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20110912/4b49e6dc/attachment.html>


More information about the webkit-dev mailing list