iframe continues to execute after main page reload
Categories
(Core :: DOM: Navigation, defect, P3)
Tracking
()
People
(Reporter: fb, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Steps to reproduce:
We started seeing this in ff 69.
Our app contains an iframe that is set (via js) shortly after the main page has finished loading (main page and iframe use same domain).
We get sentry crash logs from our app - in this case the iframe saying "window.top.$ is undefined" - actual access is window.top.$.jStorage
Actual results:
Our main page js is bundled so libs like jquery&jStorage should all be available at the time the iframe starts loading. Our weblogs indicate the user reloads while the iframe starts up. We see an http request for the main page (reload), but we also see an http request from the iframe (referrer is iframe url), which shouldn't be possible - the main page just started up after the reload and hasn't set the iframe url yet. This leads us to believe the original iframe continues to run after the main page got a reload request.
The impact to our users is low, as the zombie iframe eventually gets replaced. However crash logs are annoying ;) Not sure if zombie iframe could be somehow exploited if user tried to load a different page, and our zombie iframe tried to access the new page - hopefully cross domain restrictions would kick in...
Expected results:
Would have expected for the iframe runtime to be terminated as soon as the main page is reloaded.
Updated•5 years ago
|
Comment 1•5 years ago
|
||
A testcase would be really nice here.
And/or if you could try to run mozregression to find regression range
https://mozilla.github.io/mozregression/
(P3 for now, but could be actually P1)
Updated•2 years ago
|
Description
•