2.75 KB, text/plain
26.83 KB, text/plain
31.98 KB, text/plain
2.42 KB, text/plain
Created attachment 54357 [details] Source File for exception "Error: top.frames has no properties Line: 842"
Caps. Jeff, could you attach the source and url of the top-level frameset? Also, could you possibly attach the urls of all the frames involved (by doing "open frame in new window" on all of them and copying from url bar)? The basic question is, is the site using :80 explicitly in the URLs to set port 80? Or are they using multiple domains?
Component: DOM Level 0 → Security: CAPS
reassign for real
Jeff, that's the source of the _frame_. What's needed here is the source of the frameset itself ("Save page as") as well as the URL of the top-level document.
If I go through the sign-in (where the error occurs) then "View | Page Source", it shows the second attachment ("Source File for exception..."). The "portal.htm" can be seen at the top. I can't find any more pages to attach. :( Since it occurs to me from your comments that this might be a "sameOrigin" problem, I'll try it with capability.policy.default.Window.frames "allAccess", to see if it makes a difference.
Indeed, there are differences when I allow "allAccess" to the site for "Window.frames". It then excepts out with "Window.scriptglobals", and then "Window.length". Explicitly allowing those leaves only the final one (part of the original set...). This occurs after much delay: Error: top.frames has no properties Source File: https://t9863633.da-us.citibank.com/Pers/portal.htm Line: 842 Hope this helps, -- Jeff
Jeff, Thanks for your analysis. This is similar to bug 52920. If frames A and B come from the same host, but their frameset comes from a different host, ans frame A tries to access frame B via top.frames[x], this should work. If frames A and B come from two different hosts and A accesses content or functions in B, then we do and should prevent the access, since to allow that is a security risk.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → mozilla0.9.7
Should be fixed now.
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
I can confirm that 2001121703 on Win2K works for the Citibank test case. Great job! I tested with a single pref to override the user-agent as MSIE 5.5.
I do not have the Citibank accout. Could you please mention some other way to test this bug.
Bindu, Try the testcase at http://warp.mcom.com/u/mstoltz/bugs/52920.html. It tests the same problem. Take a look at the testcase (it's actually several files) and make sure you understand what it's testing.
Verified on 2002-02-21-Trunk on WinNT. Loaded above test case. All the frames are loaded fine and the alert is shown. No exception in the JS console.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.