Closed Bug 248870 Opened 20 years ago Closed 20 years ago

When javascript loaded in an IFRAME calls self.resizeTo the whole window is resized.

Categories

(Core :: DOM: Core & HTML, defect)

x86
Windows 2000
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: psyon, Unassigned)

Details

(Keywords: fixed-aviary1.0, fixed1.7.5)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040616
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040616

http://www.psyon.org/iframe.html contains an IFRAME that loads
http://www.forbiddenweb.org/iframe.html

On forbiddenweb there is JavaScript to resize the document to 600x100
(self.resizeTo(600, 100)).  When loaded in the IFRAME from psyon.org, the whole
window is still resized.  I view this as 2 errors actually.

1.) The self object is resizing the top level document window.
2.) It's in a sense cross-site scripting

The issue has been tested in Mozilla 1.7 and Firefox 0.9, both on Windows platforms.

Reproducible: Always
Steps to Reproduce:
1.  Visit http://www.psyon.org/iframe.html

Actual Results:  
The Top level window is resized to 600x100

Expected Results:  
My personal view would be that self.resizeTo() should be ignored if a document
is loaded inside an IFrame.  In IE (not that people care) just the IFrame itself
is resized.  I don't view that as acceptable either.  That could lead to
advertisers and other such pages opened in an iframe to exploit the function and
take over a page by resizing the IFrame to the full width and height.

The sample url above should provide all the information needed.
We should probably do what IE does.  Netscape 4.x and earlier had no IFRAME
support, but did introduce resize* methods.

/be
Assignee: general → general
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → DOM: Level 0
Ever confirmed: true
We already prevent changing the window size on an [i]frame using
window.innerWidth/innerHeight, we should do the same thing for
outerWidth/outerHeight, and resize*. Trivial change, anyone got the cycles?
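
A simplified JavaScript model of the guard proposed in the comment above, added here as an illustration; it is not Gecko code or the attached patch. `ModelWindow`, `guardFrames` and `topSizeAfter` are hypothetical names, and the 1024x768 starting size is constructed.

```javascript
// Model only: shows which calls reach the top-level window with and without
// a "caller must be the top-level window" check on the size-changing APIs.
class ModelWindow {
  constructor(parent = null, guardFrames = true) {
    this.parent = parent;           // null for the top-level window
    this.guardFrames = guardFrames; // false models the behaviour in the report
    this.width = 1024;              // constructed starting size
    this.height = 768;
  }

  get top() {
    let w = this;
    while (w.parent) w = w.parent;
    return w;
  }

  // Single check shared by resizeTo, resizeBy and the outer* setters.
  canResizeBrowserWindow() {
    return !this.guardFrames || this.parent === null;
  }

  resizeTo(w, h) {
    if (!this.canResizeBrowserWindow()) return; // call from a frame: ignored
    const t = this.top; // the browser window is what actually changes size
    t.width = w;
    t.height = h;
  }

  resizeBy(dw, dh) {
    this.resizeTo(this.top.width + dw, this.top.height + dh);
  }

  get outerWidth() { return this.top.width; }
  set outerWidth(w) { this.resizeTo(w, this.top.height); }
  get outerHeight() { return this.top.height; }
  set outerHeight(h) { this.resizeTo(this.top.width, h); }
}

// Builds a top-level window with one frame, runs `action` with the frame as
// its argument, and reports the resulting top-level size as "WxH".
function topSizeAfter(guardFrames, action) {
  const top = new ModelWindow(null, guardFrames);
  const frame = new ModelWindow(top, guardFrames);
  action(frame);
  return `${top.width}x${top.height}`;
}
```

With `guardFrames` set to `false`, the frame's `resizeTo(600, 100)` changes the top-level size, which is the reported behaviour; with it set to `true`, only a call made on the top-level window itself has any effect.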
Attached patch: Fix
Attachment #152171 - Flags: superreview?(peterv)
Attachment #152171 - Flags: review?(peterv)
Attachment #152171 - Flags: superreview?(peterv)
Attachment #152171 - Flags: superreview+
Attachment #152171 - Flags: review?(peterv)
Attachment #152171 - Flags: review+
Fixed on trunk and branch.
Status: NEW → RESOLVED
Closed: 20 years ago
Keywords: fixed-aviary1.0
Resolution: --- → FIXED
I am removing my sample URLs
This caused regression bug 250771.
Blocks: 250771
Comment on attachment 152171
Fix

jst: should the pair of fixes be committed to the 1.7 branch?
Attachment #152171 - Flags: approval1.7.2?
Yes! we don't want Aviary Gecko to diverge from the 1.7 branch. In fact it
probably should have gone into 1.7 branch first and then into Aviary.
This caused a crash regression - are we sure we want it on 1.7? Do aviary folk
know of the crash regression?
*** Bug 259447 has been marked as a duplicate of this bug. ***
*** Bug 259941 has been marked as a duplicate of this bug. ***
Comment on attachment 152171
Fix

jst, can you please put this on the 1.7 branch?
Attachment #152171 - Flags: approval1.7.x? → approval1.7.x+
Fixed in 1.7.x
Keywords: fixed1.7.x