There are a lot of posts about this topic but most of them are because IE doesn't set the attribute name
dynamically.
I'm having a different trouble: I post a form (created dynamically) with an iframe
as target
. The first time it works great. Then I do it for a second time and IE opens a new window with the result of form's submission. I'm pretty sure it has to do with security issues because: if I create a simple HTML file
(instead of a HTA
) it works great. Also, if I run the same file that doesn't work locally (http://local.host/test.hta) it works great.
Any clue of whats going on or how can I fix it? Sadly its legacy code and I can't avoid using HTA
or iframes
and form submiting.
Here its the simple code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<HTA:APPLICATION
ID="oHTAGeneral_v5"
APPLICATIONNAME="TEST"
ICON='Img/icono.ico'
SCROLL="no"
SINGLEINSTANCE="yes"
SELECTION='yes'
NAVIGABLE='yes'
SHOWINTASKBAR='Yes'
WINDOWSTATE='normal' />
<script type="text/javascript" src="http://code.jquery.com/jquery-1.2.6.min.js"></script>
<script type="text/javascript">
$(function() {
var url = "http://www.some-url.com/",
first = true;
$("#frame").unbind("load");
$("#frame").load(function(){
if (first) {
first = false;
$("#frame")[0].contentWindow.document.cookie = "testCookie=dummyValue";
$("<form></form>")
.attr("target", "frame").attr("method", "POST").attr("action", url)
.css("display", "none")
.appendTo($(document.body))
.append('<input type="hidden" name="dummy" value="dummy" />')
.submit();
return;
}
// Other stuff
});
$("<form></form>")
.attr("target", "frame").attr("method", "POST").attr("action", url)
.css("display", "none")
.appendTo($(document.body))
.append('<input type="hidden" name="dummy" value="dummy" />')
.submit();
});
</script>
</head>
<body>
<iframe id="frame" name="frame" width="200" height="50"></iframe>
</body>
</html>
You can try to use
application="yes"
attribute withiniframe
tag. Iframes without the said attribute are considered as unsafe in HTA, and all interaction between iframe and main window is blocked.