search

Aloodo / ad.aloodo.com

http://ad.aloodo.com/
GNU Affero General Public License v3.0
19 stars 4 forks source link

Remove MSIE workaround #6

Open dmarti opened 9 years ago

dmarti commented 9 years ago

In Chrome and Firefox the iframe can send a JavaScript message to the containing page. This does not work so far in MSIE and we have to send an extra message in the containing page... https://github.com/Aloodo/ad.aloodo.com/commit/95894be5477f57404295b9415102ce101c42be25

regiskuckaertz commented 8 years ago

Hmm, postMessage presumably works for cross-frame communication in IE8-9. IE8 lacks support for DOMContentLoaded though, you could achieve the same result using the readystatechange event, or even the load event since the tracker page does not load any external resource.

dmarti commented 8 years ago

So far I haven't been able to get it to work. But there is no Privacy Badger for MSIE, so if the script loads at all, the user is vulnerable. The result is right even though the workaround is there.

I did find this, which suggests using setTimeout:

http://stackoverflow.com/questions/6036418/what-browsers-support-the-window-postmessage-call-now/25783377#25783377