Open
Bug 345208
Opened 18 years ago
Updated 2 years ago
Frame page causes my javascript menu to fail
Categories
(Core :: DOM: Core & HTML, defect, P5)
Tracking
()
UNCONFIRMED
People
(Reporter: laven, Unassigned)
References
()
Details
(Keywords: testcase)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 The javascript dropdown menu works on all other pages except when I go into this frame page (http://www.starkmann.com/whatFrms.htm) and click on what one of the graphic links and then select another page from the dropdown menu nothing happens. I tried the same in IE and all working fine. Please check and fix this bug as most of our customers use MozillaFirefox. Reproducible: Always Steps to Reproduce: 1.goto http://www.starkmann.com/whatFrms.htm 2.select a graphic link (e.g London2012) 3.from the the dropdown menu, select another page 4.you'll notice that nothing happen. Actual Results: nothing happens Expected Results: goto the selected page
Comment 1•18 years ago
|
||
When 'nothing happens' I get this in the error console: Error: uncaught exception: Permission denied to get property Window._top I'm thinking it's a cross-site scripting restriction because the two frames have content from different servers.
Comment 2•18 years ago
|
||
Yes, the function ig_searchFrames in ig_shared.js is buggy: function ig_searchFrames(frame, targetFrame) { if(frame.frames[targetFrame] != null) return frame.frames[targetFrame]; var i; for(i=0; i<frame.frames.length; i++) { var subFrame = ig_searchFrames(frame.frames[i], targetFrame); if(subFrame != null) return subFrame; } return null; } See the most inner loop. It expect to be able to get the property '_top' of any window, also from other domains. This is not possible in Mozilla and raises an exception. So the script should have a try..catch here. It works in IE6, but that means that with IE6, webmasters are able to get random properties of other windows with a different domain from the user, which is a security issue in IE6, I suspect. See also http://wargers.org/mozilla/test/frametest/framesdomain.htm for an example. The 3rd alert should not happen, you should get a security exception instead.
Comment 3•18 years ago
|
||
(In reply to comment #2) > It works in IE6, but that means that with IE6, webmasters are able to get > random properties of other windows with a different domain from the user, which > is a security issue in IE6, I suspect. Ah no, that's not true, this example of the property 'martijn' doesn't work in IE6 also: http://wargers.org/mozilla/test/frametest/framesdomain2.htm
Comment 4•18 years ago
|
||
So apparently, IE6 is returning undefined for properties that are not defined in the frame: http://wargers.org/mozilla/test/frametest/framesdomain.htm But as soon as some script has defined the property in the frame, then the property is not accessible anymore in the other frame in IE and you get an exception: http://wargers.org/mozilla/test/frametest/framesdomain2.htm So maybe we should be compatible with IE6 here. But there are some reasons mentioned in bug 158049, why this is probably not a good idea.
Assignee: nobody → general
Component: General → DOM
Keywords: testcase
Product: Firefox → Core
QA Contact: general → ian
Version: unspecified → Trunk
Updated•15 years ago
|
Assignee: general → nobody
QA Contact: ian → general
Comment 5•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•