Closed Bug 301510 Opened 19 years ago Closed 18 years ago

Security domain is discarded when navigating back to generated page

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: darin.moz, Assigned: bzbarsky)

References

(
URL
)

Details

Attachments

(2 files)

frametest-1: using document.write
557 bytes, text/html
Details
frametest-2: using data URL
509 bytes, text/html
Details 
Security domain is discarded when navigating back to generated page.

I observed that using document.open + document.write to modify the contents of
an <iframe> in my page results in the domain of the generated document being set
that of my document.  That is all good and well, but if I navigate the <iframe>
again, and then navigate back (using the browser's back button), the domain of
the generated document is now null.  This seems like a pretty major bug to me.

I can reproduce this bug by setting the "src" attribute of the <iframe> to a
data: URL that produces a similar web page.  I can also reproduce it using a
javascript: URL that generates content, but that case is similar to the
document.open + document.write case.

I will attach two testcases.

    
    

    
  


  

    
    

    
  
frametest-1 seems to be broken when posted as an attachment on bugzilla.  the
back button simply doesn't respond at all.  yikes!  frametest-2 functions as
expected, however.

    
    

    
  
I posted frametest-1 on a non-SSL site, and it now demonstrates the bug
properly.  See: http://friedfish.homeip.net/~darinf/frametest-1.html
URL: http://friedfish.homeip.net/~darinf/f...

    
    

    
  
We have bugs on this already....
Whiteboard: DUPEME

    
    

    
  
Bug 220312 is the same as this, and was also flagged as DUPEME. Is there some
other bug where this is being addressed?

    
  
Depends on: 220312

    
  
Depends on: 172261

    
  
Assignee: nobody → bzbarsky

    
    

    
  
Fixed by checkin for bug 172261.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

    
    

    
  
Sufficiently tested by the test for bug 172261, so marking in-testsuite-.

If more testing is desired (the content/html/document/test/test_bug172261.html checkin comment says no), reset to ?.

If you disagree with - and instead think this should be +, complain in m.d.quality and the newsgroup can hash out defined semantics -- my choice here is an arbitrary definition of the flag's semantics because I believe none yet exist for this situation.  :-)  I care about making it obvious this bug doesn't need a testcase committed, not about the exact manner in which that's done.
Flags: in-testsuite-

    
  
Component: History: Session → Document Navigation
QA Contact: history.session → docshell

    
  
Whiteboard: DUPEME

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: