JavaScript: Can't change frame location across domains (regression)

Status: VERIFIED WORKSFORME
Severity: major
Opened 16 years ago, updated 9 years ago
Reporter: mozilla.org, Assigned: security-bugs
Attachments: 2
(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030401
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030401

Using JavaScript to change the location of a frame, as in
parent.foo.location.href = 'http://foo.com/foo.php', fails if the frameset is
not in the same domain as the target and source frames.

Additionally, the JavaScript console reports: 'Error: uncaught exception:
Permission denied to get property Function.frames' or:
'Error: uncaught exception: Permission denied to get property Function.href'.

As an example, see http://textz.com/index.php3?section=concept (frameset:
textz.com, frames: textz.gnutenberg.net).

The same is true for subdomains. Go to
http://lists.minordomo.org/textz.com/index.php and click 'moderate' (frameset:
lists.minordomo.org, frames: minordomo.org -- the problem disappears if the very
same frameset is loaded as http://minordomo.org/lists/textz.com/index.php).

Both sites do not work in 1.4a, but do work in 1.3. This looks like a
regression, since the same bug was present in the earlier days of Mozilla (Bug
52920), and later fixed.

Ah, and just in case: Blocking cross-domain frame updates is *not* a security
feature. There are many more legitimate scenarios than just the two above.

Reproducible: Always

Steps to Reproduce:
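
Added example, not part of the bug report or of Mozilla's code: a small model of which steps in `parent.foo.location.href = ...` are cross-origin property reads or writes, checked against the cross-origin property allowlist of the current HTML Standard rather than the 2003 Mozilla security checks. The host names and the frame name `nav` are hypothetical.

```javascript
// Sketch of the cross-origin property allowlist (modeled on the HTML Standard's
// CrossOriginProperties). Property access only; navigation policy is a separate check.
const CROSS_ORIGIN = {
  Window: {
    get: new Set(['window', 'self', 'location', 'close', 'closed', 'focus', 'blur',
                  'frames', 'length', 'top', 'opener', 'parent', 'postMessage']),
    set: new Set(['location']),
  },
  Location: {
    get: new Set(['replace']), // the method only: href cannot be read
    set: new Set(['href']),    // write-only: may navigate, may not learn the URL
  },
};

// Constructed sample mirroring the report: frameset on one host, both frames on another.
// Host names and frame names ("nav", "foo") are hypothetical.
const SAMPLE = {
  top: { origin: 'http://frameset.example', parent: null, children: ['nav', 'foo'] },
  nav: { origin: 'http://frames.example', parent: 'top', children: [] },
  foo: { origin: 'http://frames.example', parent: 'top', children: [] },
};

function allowed(kind, op, prop, sameOrigin, win) {
  if (sameOrigin || CROSS_ORIGIN[kind][op].has(prop)) return true;
  // A cross-origin Window also exposes its child frames by name.
  return kind === 'Window' && op === 'get' && win.children.includes(prop);
}

// Walk `chain` (property reads) from frame `start`, then apply finalOp to finalProp.
// Returns { allowed, deniedAt }, where deniedAt names the first refused step.
function checkAccess(tree, start, chain, finalOp, finalProp) {
  const caller = tree[start];
  let key = start, kind = 'Window';
  const steps = chain.map((p) => ['get', p]).concat([[finalOp, finalProp]]);
  for (const [op, prop] of steps) {
    const win = tree[key];
    if (!allowed(kind, op, prop, win.origin === caller.origin, win)) {
      return { allowed: false, deniedAt: `${op} ${kind}.${prop}` };
    }
    if (kind !== 'Window') continue;
    if (prop === 'parent') key = win.parent || key;
    else if (prop === 'location') kind = 'Location';
    else if (win.children.includes(prop)) key = prop;
  }
  return { allowed: true, deniedAt: null };
}

// parent.foo.location.href = '...' issued from frame "nav"
console.log(checkAccess(SAMPLE, 'nav', ['parent', 'foo', 'location'], 'set', 'href'));
```

In this model the assignment passes every step, while reading `href` from a cross-origin frame or touching `parent.document` is refused at the read.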

Comment 1

16 years ago
Confirming report with Mozilla trunk binary 2003033105 WinNT.

This is either for the DOM or Security, not JS Engine. 
Reassigning to Security for further triage - 
Assignee: rogerl → mstoltz
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → Security: General
Ever confirmed: true
QA Contact: pschwartau → carosendahl
The error is the same as bug 198660
Depends on: 198660

Comment 3

16 years ago
confirmed with Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b)
Gecko/20030422

even worse: for me it seems not only related to cross-domain links.

I get the error in the HTML Client of our Content Management System (VIP 8 by
http://www.gaussvip.com). All pages of this application reside on one server,
all have same domain and nevertheless: 

on some pages, when a script in one frame tries to change the location of another
frame it does nothing. Strangely it does not happen on all cross frame actions,
only on some. I tried to debug this using Venkman but the stuff is way too
complex for me to understand what's going on.

Everything works fine when using Moz 1.3.1 or below

Comment 4

15 years ago
> As an example, see http://textz.com/index.php3?section=concept (frameset:
> textz.com, frames: textz.gnutenberg.net).
this example worksforme (moz 1.8 nightly)

> The same is true for subdomains. Go to
> http://lists.minordomo.org/textz.com/index.php and click 'moderate'
the site suffers serious usability issues. Please give the direct link to "moderate"

add qawanted keyword. Reporter (rolux), can you give us a reduced testcase?
Keywords: qawanted

Comment 5

14 years ago
worksforme moz 1.7.3, worksforme firefox 1.0, and per comment4, worksforme 1.8
nightlies
no response from reporter -> wfm
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → WORKSFORME

Created attachment 379809
Frameset Test file

Created attachment 379810
Test page (second frame)

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090526 Shiretoko/3.5pre

I'm trying to come up with a minimized test case for this (old) bug.

1. Download both files to the same location
2. Open frameset.html in the browser
3. Click the Test link

RESULT:
1. Google on top, test page on the bottom
2. Digg on top, test page on bottom after link click
3. Exception in Error Console:
Error: Permission denied for <http://view.atdmt.com> to call method Location.toString on <file://>.

I'm not sure if this is related to this bug or not.  Please advise me on both my test case and the result.

Verifying WORKSFORME due to lack of feedback and inability to reproduce.
Status: RESOLVED → VERIFIED
Keywords: qawanted