Closed
Bug 468412
Opened 16 years ago
Closed 14 years ago
The attribute parent of nested or inner iframe does not refer to parent iframe when submitting form
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: nopporn.kongwatmai, Unassigned)
Details
(Whiteboard: [CLOSEME 2010-11-01])
Attachments
(2 files, 1 obsolete file)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
Build Identifier: Firefox/3.0.4
I have created a dynamic nested frame for submit form. Example of code as following.
var parentFrame = doc.createElement("iframe");
parentFrame.setAttribute("id", "frame_parent_0");
parentFrame.setAttribute("name", "frame_parent_1");
parentFrame.style.display = "none";
parentFrame.style.height = "1px";
parentFrame.style.width = "1px";
doc.body.appendChild(parentFrame);
parentFrame.onCommandEvent() = function(){
//do something.
}
var frame = doc.createElement("iframe");
frame.setAttribute("id", "frame_0");
frame.setAttribute("name", "frame_0");
frame.style.display = "none";
frame.style.height = "1px";
frame.style.width = "1px";
parentFrame.contentDocument.body.appendChild(frame); //append inner frame to parent frame.
var form = document.createElement("form");
form.setAttrbute("id","form_0");
form.setAttrbute("enctype", "application/x-www-form-urlencoded");
form.setAttribute("method" "POST");
form.setAttribute("target" "frame_0");
form.style.display = "none";
var url = "http://localhost/app1";
form.setAttribute("action", url + "?timestamp=" + (new Date()).getTime());
form.submit();
After that the response from server is comming in with
<script>parent.onCommandEvent("some data");</script>
The error occur within inner iframe that is parent.onCommandEvent is not a function or something like that.
This is working on FF2 but it does not work on FF3.
I put alert in reponse script like the following
<script>
window.alert(parent.name);
parent.onCommandEvent("some data");
</script>
It will alert the "frame_0" which is the name of inner iframe instead of "frame_parent_0" as expected.
It seems like parent attribute of inner iframe refer to itself instead of parent iframe.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.Forgot one thing. The form is appended to parent iframe which is "frame_parent_0" parentFrame.appendChild(form);
|
||
Comment 2•16 years ago
|
||
Do you have a working testcase that demonstrates the behavior you are trying to report? The sample code you have provided is a decent start, but isn't valid code by itself (syntax errors, etc.) I have tried to read your mind a bit and correct the syntax errors, but even with the "corrected" code, I cannot reproduce the issue you are seeing in either Firefox 2 or 3. If you have a working testcase, please attach it to the bug so we can do better analysis.
I have produced the new sample code that represent my case.
The request.html
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Sample Code</title>
</head>
<body>
<script language="JavaScript">
var parentFrame = document.createElement("iframe");
parentFrame.setAttribute("id", "frame_parent_0");
parentFrame.setAttribute("name", "frame_parent_0");
parentFrame.style.display = "none";
parentFrame.style.height = "1px";
parentFrame.style.width = "1px";
document.body.appendChild(parentFrame);
parentFrame.onCommandEvent = function(){
window.alert("Callback should be invoked here");
};
var frame = document.createElement("iframe");
frame.setAttribute("id", "frame_0");
frame.setAttribute("name", "frame_0");
frame.style.display = "none";
frame.style.height = "1px";
frame.style.width = "1px";
parentFrame.contentDocument.body.appendChild(frame);
var form = document.createElement("form");
form.setAttribute("id","form_0");
form.setAttribute("enctype", "application/x-www-form-urlencoded");
form.setAttribute("method", "POST");
form.setAttribute("target", "frame_0");
form.style.display = "none";
parentFrame.appendChild(form);
var url = "http://localhost:8081/response.html";
form.setAttribute("action", url + "?timestamp=" + (new Date()).getTime());
var tn = document.createElement("input");
tn.setAttribute("type", "hidden");
tn.setAttribute("name", "data");
tn.setAttribute("value", "some value");
form.appendChild(tn);
form.submit();
</script>
</body>
</html>
The response.html should be the following.
<script>
window.alert(parent.name);
parent.onCommandEvent();
</script>
The step is
1. Put these 2 file in your web folder.
2. adjust the variable url in request.html according to your web url.
3. run request.html in FireFox 3.
4. The page will popup a lert message "frame_0" due to the alert command in respone.html to alert name of parent frame. So, the expected result should be "frame_parent_0" instead of "frame_0".
This is an urgent issue because my JavaScript application use iframe to be a transport for cummunicating with server. Moreover, it is working fine in FireFox 2. Please let me know if you have any comments or suggestion.
I did realize that there are many bugs about iframe in firebug tracked in bugzilla.|
|
||
Comment 4•16 years ago
|
||
Jonas, do you know which DOM change(s) we made in Firefox 3 that would be causing the behavior reported above?
Please attach an attachment so that we can try it out.
|
|
||
Comment 6•16 years ago
|
||
|
|
||
Comment 7•16 years ago
|
||
|
|
||
Comment 8•16 years ago
|
||
Attachment #352142 -
Attachment is obsolete: true
|
||
Comment 10•16 years ago
|
||
This does not appear to be a security vulnerability. Unhiding the bug since that is impeding getting the right people to look at this. From your script it doesn't look like your form is "in" _either_ frame. The child frame you added to the parentFrame.contentBody -- that's in the framed document -- but the form is in the outer document within the <iframe></iframe> tags. It should have the same parent as the outer document since that's where it's living (It's in the space that's supposed to be displayed in clients that don't support frames).
Group: core-security
|
|
||
Comment 11•16 years ago
|
||
I can't reproduce your symptoms from the testcase attached to this bug, however, so I may be misunderstanding the problem. Does this testcase reproduce the problem you're seeing when you try it?
|
Reporter | |
Comment 12•16 years ago
|
||
Can you reproduce it in your local environment? I couldn't run the attached test case also. I don't get your point for comment#10. I submitted the form with target to the iframe so the parent should be the parent of iframe instead of form. I can show the relationship between the iframe and form as follow. <iframe id="frame_parent_0"> <iframe id="frame_0"></iframe> <form id="form_0" target="frame_0" action=""> </frame> When the form_0 is submitted, the response will run into frame_0. So, the parent attribute of frame_0 should be frame_parent_0 instead of itself. This is working just fine on FireFox 2. I am not sure how is it related with frame loading. I simulated this test case by using the static html page. My JavaScript creates the dynamic iframe named frame_parent_0 and append to the document likes the previous test case. However, it set the attribute src of frame_parent_0 to point to iframe_command.html which is the static html page contained the iframe and form tags. When the frame_parent_0 is completely load, it will submit the form. This solution is working fine. It seems to solve my problem. So, I guess that might be something related to the page loading. Moreover, the previous test case I found that the onload event of frame_parent_0 occur twice. The first one is when the frame_parent_0 is append to the document and the second is when the frame_0 is append to frame_parent_0. Is this the expected behavior? var parentFrame = document.createElement("iframe"); parentFrame.setAttribute("id", "frame_parent_0"); parentFrame.setAttribute("name", "frame_parent_0"); parentFrame.style.height = "1px"; parentFrame.style.width = "1px"; document.body.appendChild(parentFrame); parentFrame.onload = function(){ var form = parentFrame.contentDocument.getElementById("form_0"); form.setAttribute("action","response.html"); form.submit(); }; parentFrame.contentWindow.onCommandEvent = onCommandEvent; parentFrame.src = "iframe_command.html"; iframe_command.html <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Insert title here</title> </head> <body> <form id="form_0" name="form_0" target="frame_0" method="post"> <input type="hidden" name="data" value=""/> </form> <iframe id="frame_0" name="frame_0" style="height: 1px;width: 1px;"/> </body> </html>
|
||
Comment 13•14 years ago
|
||
This is a mass search for bugs which are in the Firefox General component, are UNCO, have not been changed for 500 days and have an unspecified version. Reporter, can you please update to Firefox 3.6.10 or later, create a fresh profile, http://support.mozilla.com/en-US/kb/managing+profiles, and test again. If you still see the issue, please update this bug. If the issue is gone, please set the status to RESOLVED > WORKSFORME.
Whiteboard: [CLOSEME 2010-11-01]
|
|
||
Comment 14•14 years ago
|
||
No reply from reporter, INCOMPLETE. Please retest with Firefox 3.6.12 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•