Closed
Bug 301510
Opened 19 years ago
Closed 18 years ago
Security domain is discarded when navigating back to generated page
Categories
(Core :: DOM: Navigation, defect)
Core
DOM: Navigation
Tracking
()
RESOLVED
FIXED
People
(Reporter: darin.moz, Assigned: bzbarsky)
References
()
Details
Attachments
(2 files)
Security domain is discarded when navigating back to generated page. I observed that using document.open + document.write to modify the contents of an <iframe> in my page results in the domain of the generated document being set that of my document. That is all good and well, but if I navigate the <iframe> again, and then navigate back (using the browser's back button), the domain of the generated document is now null. This seems like a pretty major bug to me. I can reproduce this bug by setting the "src" attribute of the <iframe> to a data: URL that produces a similar web page. I can also reproduce it using a javascript: URL that generates content, but that case is similar to the document.open + document.write case. I will attach two testcases.
Reporter | ||
Comment 1•19 years ago
|
||
Reporter | ||
Comment 2•19 years ago
|
||
Reporter | ||
Comment 3•19 years ago
|
||
frametest-1 seems to be broken when posted as an attachment on bugzilla. the back button simply doesn't respond at all. yikes! frametest-2 functions as expected, however.
Reporter | ||
Comment 4•19 years ago
|
||
I posted frametest-1 on a non-SSL site, and it now demonstrates the bug properly. See: http://friedfish.homeip.net/~darinf/frametest-1.html
Comment 6•19 years ago
|
||
Bug 220312 is the same as this, and was also flagged as DUPEME. Is there some other bug where this is being addressed?
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → bzbarsky
Assignee | ||
Comment 7•18 years ago
|
||
Fixed by checkin for bug 172261.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 8•18 years ago
|
||
Sufficiently tested by the test for bug 172261, so marking in-testsuite-. If more testing is desired (the content/html/document/test/test_bug172261.html checkin comment says no), reset to ?. If you disagree with - and instead think this should be +, complain in m.d.quality and the newsgroup can hash out defined semantics -- my choice here is an arbitrary definition of the flag's semantics because I believe none yet exist for this situation. :-) I care about making it obvious this bug doesn't need a testcase committed, not about the exact manner in which that's done.
Flags: in-testsuite-
Component: History: Session → Document Navigation
QA Contact: history.session → docshell
You need to log in
before you can comment on or make changes to this bug.
Description
•