Another IFRAME issue with MCMS


I previously wrote an article that discussed an issue that can occur if an IFRAME is part of the MCMS page.

Today Angus pointed me to another issue that can occur if you need to display an MCMS site in an IFRAME of another site.

For presentation mode there are no problems but as soon as you start doing authoring you will end up with Access Denied javascript message. These errors occur due to the fact that the WebAuthor code is refering to the top window on serveral places. The top window in this situation is not part of the MCMS site and this causes a cross-site-scripting problem.

To address this the following changes to WebAuthor files are required.

Ensure that you create a backup of the original files before doing any modifications to these files as modifying these files is not supported by Microsoft! In case you get problems with WebAuthor first double check if the problem also happens with the original version of these files!

You need to modify the following two files:

  1. ...<MCMS install dir>\Server\IIS_CMS\WebAuthor\Client\Windows.js

    Replace the following routine

    function WBC_openWindowOnFocus(strURL, strWinTarget, strWinFeatures)
    {
        var pWindow = window.top.open(strURL, strWinTarget, strWinFeatures);
        if (pWindow)
            pWindow.focus();
    }

    with this implementation:

    function WBC_openWindowOnFocus(strURL, strWinTarget, strWinFeatures)
    {
     var pWindow = window.open(strURL, strWinTarget, strWinFeatures);
     if (pWindow)
      pWindow.focus();
    }

  2. ...<MCMS install dir>\Server\IIS_CMS\WebAuthor\Client\Console.js

    Replace all instances of the following string

    WBC_UseDefaultSizing(window.top)

    in this

    WBC_UseDefaultSizing(window)

Comments (0)

Skip to main content