Closed Bug 248870 Opened 21 years ago Closed 21 years ago

When javascript loaded in an IFRAME calls self.resizeTo the whole window is resized.

Categories

(Core :: DOM: Core & HTML, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

RESOLVED FIXED

People

(Reporter: psyon, Unassigned)

Details

(Keywords: fixed-aviary1.0, fixed1.7.5)

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040616
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040616

http://www.psyon.org/iframe.html contains an IFRAME that loads http://www.forbiddenweb.org/iframe.html

On forbiddenweb there is javascript to resize the document to 600x100 (self.resizeTo(600x100)). When loaded in the IFRAME from psyon.org, the whole window is still resized. I view this as 2 errors actually.

1.) The self object is resizing the top level document window.
2.) It's in a sense cross site scripting

The issue has been tested in Mozilla 1.7 and Firefox 0.9, both on Windows platforms.

Reproducible: Always

Steps to Reproduce:
1. Visit http://www.psyon.org/iframe.html

Actual Results:
The top level window is resized to 600x100

Expected Results:
My personal view would be that self.resizeTo() should be ignored if a document is loaded inside an IFrame. In IE (not that people care) just the IFrame itself is resized. I don't view that as acceptable either. That could lead to advertisers and other such pages opened in an iframe exploiting the function and taking over a page by resizing the IFrame to the full width and height.

The sample URL above should provide all the information needed.
We should probably do what IE does. Netscape 4.x and earlier had no IFRAME support, but did introduce resize* methods. /be
Assignee: general → general
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → DOM: Level 0
Ever confirmed: true
We already prevent changing the window size on an [i]frame using window.innerWidth/innerHeight, we should do the same thing for outerWidth/outerHeight, and resize*. Trivial change, anyone got the cycles?
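The three behaviours discussed in this bug, side by side in a toy model (an added example, not the attached patch and not Gecko code; `ModelWindow`, `POLICY` and `embedAndResize` are hypothetical names, and the window sizes are constructed):

```javascript
// Toy model of a window tree; not Gecko code. All names are hypothetical.
const POLICY = {
  RESIZE_TOP: "resize-top",     // reported behaviour: a frame resizes the top window
  RESIZE_FRAME: "resize-frame", // behaviour the reporter describes for IE
  IGNORE_IN_FRAME: "ignore",    // proposed fix: resize requests from frames are dropped
};

class ModelWindow {
  constructor(policy, parent, width, height) {
    this.policy = policy;
    this.parent = parent || null;
    this.width = width;
    this.height = height;
  }
  get top() { return this.parent ? this.parent.top : this; }

  // Decide which window a resize request is allowed to affect, if any.
  _target() {
    if (this.parent === null) return this; // top-level windows keep working
    if (this.policy === POLICY.RESIZE_TOP) return this.top;
    if (this.policy === POLICY.RESIZE_FRAME) return this;
    return null;
  }
  _apply(fn) { const t = this._target(); if (t) fn(t); }

  // Every entry point that changes the outer size goes through the same gate.
  resizeTo(w, h) { this._apply(t => { t.width = w; t.height = h; }); }
  resizeBy(dw, dh) { this._apply(t => { t.width += dw; t.height += dh; }); }
  get outerWidth() { return this.top.width; }
  set outerWidth(w) { this._apply(t => { t.width = w; }); }
  get outerHeight() { return this.top.height; }
  set outerHeight(h) { this._apply(t => { t.height = h; }); }
}

// Constructed scenario: a 1024x768 page embeds a 300x200 frame whose script
// calls resizeTo(600, 100), as the reporter's test page does.
function embedAndResize(policy) {
  const page = new ModelWindow(policy, null, 1024, 768);
  const frame = new ModelWindow(policy, page, 300, 200);
  frame.resizeTo(600, 100);
  return { page: [page.width, page.height], frame: [frame.width, frame.height] };
}

for (const p of Object.values(POLICY)) console.log(p, JSON.stringify(embedAndResize(p)));
```

Routing `resizeTo`, `resizeBy` and the `outerWidth`/`outerHeight` setters through one gate is what keeps a frame from reaching the top-level size through whichever entry point was left unguarded.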
Attached patch Fix
Attachment #152171 - Flags: superreview?(peterv)
Attachment #152171 - Flags: review?(peterv)
Attachment #152171 - Flags: superreview?(peterv) → superreview+
Attachment #152171 - Flags: review?(peterv) → review+
Fixed on trunk and branch.
Status: NEW → RESOLVED
Closed: 21 years ago
Keywords: fixed-aviary1.0
Resolution: --- → FIXED
I am removing my sample URLs
This caused regression bug 250771.
Blocks: 250771
Comment on attachment 152171 (Fix)
jst: should the pair of fixes be committed to the 1.7 branch?
Attachment #152171 - Flags: approval1.7.2?
Yes! we don't want Aviary Gecko to diverge from the 1.7 branch. In fact it probably should have gone into 1.7 branch first and then into Aviary.
This caused a crash regression - are we sure we want it on 1.7? Do aviary folk know of the crash regression?
*** Bug 259447 has been marked as a duplicate of this bug. ***
*** Bug 259941 has been marked as a duplicate of this bug. ***
Comment on attachment 152171 (Fix)
jst, can you please put this on the 1.7 branch?
Attachment #152171 - Flags: approval1.7.x? → approval1.7.x+
Fixed in 1.7.x
Keywords: fixed1.7.x