WebReference.com logo
tip archive  •   about  •   sitemap  •   contact  •   jobs  •   write for us  •   subscribe


[next]

Using GreyBox in your HTML Applications

By

Social Bookmark

Sr. Web Developer
mediabistro.com
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume


You may have never heard of Orangoo's GreyBox library, but you've almost certainly seen it. The GreyBox library is an extension to the AJS JavaScript Framework that displays websites, images, and other content in an eye-catching popup window. Its striking appearance combined with small size and ease of use has made it a hit with numerous websites. In fact, WebReference uses it to display images and links to external sites. It has also been ported to other JS frameworks, such as jQuery. That version is called GreyBox Redux. Impressed by its sleek design, I chose to include it in an HTML Application (HTA) that I was building. Imagine my surprise when it didn't work! I went through my code with a fine-toothed comb, but to no avail; the GreyBox window was nowhere to be seen. Not to be deterred, I sought to get to the bottom of this frustrating apparent incompatibility. You'll be happy to know that my story is one of redemption. Now, in the hopes of saving other developers from a similar fate, I will share my discoveries with you and reveal how I got GreyBox to work within an HTA!

The HTA Security Model

On the MSDN site, I learned that HTAs differ from HTML pages in a number of ways. A cross between Visual Basic Scripts (VBS) and HTML, they really belong to a class all to themselves. HTAs run outside of Internet Explorer's usually restrictive runtime environment, and therefore are unhampered by the security constraints imposed by the browser. The process that they run under is called mshta.exe. You can see it in the Windows Task Manager while an HTA is running:

Figure 1

They do have one security feature to prevent cross-domain scripting attacks from untrusted content. This risk is particularly salient in HTAs where downloading content from the WWW is all too easy. As a precaution, the HTAs enable the APPLICATION attribute for frame and iframe objects.

This security measure greatly interferes with GreyBox as it uses an iframe to display the popup content. HTAs are designed so that untrusted HTML frame and iframe objects have no script access to the HTA containing them. In the case of frame objects that are not HTA-enabled, the highest level frame comprises the top window for all frame objects it contains. Hence, for that frame object, the window.top and window.self properties are one and the same. In addition, unsafe frame and iframe objects receive neither a referrer nor an opener URL from the parent HTA. The end result is that they are unaware of the containing HTA as the parent window.

The gb_scripts.js file contains several references to the parent of the iframe:

The parent property is used by the GreyBox iframe to retrieve the GB_CURRENT object. As explained above, the parent property always returns a pointer to itself! Since the GB_CURRENT is not known to the iframe, the object is instanciated to a value of undefined. All subsequent references to GB_CURRENT and its properties will throw an error such as the one in Figure 2:

Figure 2

The Workaround

There are a few obstacles to making this an easy fix. This first is that the APPLICATION attribute must be set to "yes" in the <IFRAME> tag. In other words, it must be in the source code when the iframe is created; you cannot add it later via scripting. Further complicating matters is the fact that the GreyBox script is not easy to follow - by design. In order to make it lightweight, the writers of the script use extremely short variable names, and include no indentations or other style features that would otherwise improve the code's readability. Moreover, if those first two points are not enough, it is written using the equally difficult to follow AJS framework.

I am always hesitant to delve into framework code that I don't fully understand. As a practitioner of Unobtrusive JavaScript, I want to make changes that will not affect anything else in the slightest degree. After all, the whole point of using a framework is to use it as a sort of "black box" that does what you want without having to worry about the specific implementation details. While I don't recommend that you attempt this type of thing at home, I feel confident in suggesting a workaround here because my tweaking yielded a highly satisfactory solution, if I may say so.


[next]

Recent Articles

WebReference.com site name
Rolling Out Your Own HTML Application Version Control
HTML 5: Client-side Storage
Working with Ajax Server Extensions
 internet.com site name
Wi-Fi Product Watch, November 2009
Chip Market Recovering From '08 Collapse
Low-Cost Tools to Kickstart Your New Business


internet.commediabistro.comJusttechjobs.comGraphics.com

Search:

WebMediaBrands Corporate Info

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs

Solutions

Whitepapers and eBooks

Microsoft Articles: Visual Studio 2010
Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications
Microsoft Whitepaper: How Windows Server 2008 R2 Helps Optimize IT and Save You Money
Adobe Article: Java Developers Finding a Home at Adobe Flex
IBM Articles: A Smarter Business Needs Smarter Technology
Intel Xeon Processor Increases Server Efficiency and Capabilities
Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise
Oracle Whitepapers - Innovation for IT Leaders
Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT
 Internet.com eBook: IT Manager's Guide to Social Networking
Internet.com eBook: Get Ready for Windows 7
Microsoft Article: Expression Web 3--New Features for PHP Developers
Whitepapers: Manage Your Business Infrastracture with IBM
Whitepaper: Maximize Your Storage Investment with HP
Internet.com eBook: Becoming a Better Project Manager
Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies
Video: Microsoft Partner Program Benefits
Video: Windows Azure Debugging Tips
SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports
 IBM Webcast: Speed Business Innovation with Reduced Cost and Risk
Video: Deploy Applications on Windows Azure
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Download: Microsoft Visual Studio 2010 Beta 2
Downloads & Free Trials: Microsoft's New Efficiency Resource Center
Get the Windows 7 SDK
 Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products
All About Botnets
 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES