Closed Bug 1262167 Opened 8 years ago Closed 3 years ago

Firefox doesn't throw an exception when trying to access an inaccessible iframe

Categories

(Core :: DOM: HTML Parser, defect, P5)

Product:
Core
Component:
DOM: HTML Parser
Version:
47 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: me, Unassigned)

References

(
URL
)

Details

(Keywords: access, Whiteboard: btpp-backlog) 

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Build ID: 20160404004026

Steps to reproduce:

Try accessing an inaccessible iframe with jQuery.

HTML:
<div class="iframes-inaccessible" id="iframes-inaccessible-target">
    <script>
        var target = document.getElementById("iframes-inaccessible-target");
        var iframe = document.createElement("iframe");
        iframe.src = "http://example.com/";
        target.appendChild(iframe);
    </script>
</div>

JavaScript:

    $(function() {
        $("div iframe").on("load", function(){
            console.log($(this).contents());
        });
    });

Please see the issue on the jQuery GitHub repository here: https://github.com/jquery/jquery/issues/3033


Actual results:

An empty object will be shown in the console:
Object { length: 0, prevObject: Object, context: <iframe> }


Expected results:

An error should be thrown like in Chrome. For example:

Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "null" from accessing a frame with origin "http://example.com". The frame requesting access has a protocol of "file", the frame being accessed has a protocol of "http". Protocols must match.
URL: https://github.com/jquery/jquery/issu...
Keywords: access
This was changed in bug 829872 to be compatible with WebKit, and also follows the HTML spec. WebKit still has the same behaviour that we do. Can someone check IE/Edge?
Edge 13 seems to throw an exception.  So does IE11.

Given that it's 2 against 2 and we're the ones following the spec, I filed a bug report on Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=600744
Whiteboard: btpp-backlog

Bulk-downgrade of unassigned, 4 years untouched DOM/Storage bugs' priority.

If you have reason to believe this is wrong (especially for the severity), please write a comment and ni :jstutte.

Severity: normal → S4
Priority: -- → P5

Firefox behaves per spec.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.