Open Bug 542430 Opened 14 years ago Updated 2 years ago

cannot access window.top['otherFrame'] from inside a child iframe if both iframes have the same origin

Categories

(Core :: DOM: Core & HTML, defect, P5)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: deanmao, Unassigned)

Details

Attachments

(1 file)

testcase 2
147 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

Accessing another iframe by id name causes a permission denied even if both iframes are under the same origin.  The problem does not seem to manifest under Firefox 3.5.  Also, the test cases passes for all other browsers including webkit, chromium nightly, chrome 4.0, safari, and opera.  It doesn't seem like accessing iframes by name would be a security risk.  The workaround is to access the frame by index using window.parent.frames[0], however it seems like an unnecessary limitation.  I asked this question on #firefox on freenode and jruderman asked me to file a bug report.  

Reproducible: Always

Steps to Reproduce:
Put this on www.newlocalhost.com/index.html
<html>
<body>
<iframe id="frame1" src="http://www.sleepydo.com/test1.html"></iframe>
<iframe id="frame2" src="http://www.sleepydo.com/test2.html"></iframe>
</body>
</html>

This is www.sleepydo.com/test1.html:
<html>
<body>
</body>
</html>

This is www.sleepydo.com/test2.html:
<html>
<body>
<script type="text/javascript">
  window.top['frame1'].document.getElementsByTagName('body')[0].innerHTML = "something";
</script>
</body>
</html>
Actual Results:  
permission denied on test2.html

Expected Results:  
It should be able to access properties of the window if accessing iframes by name instead of index (window.parent.frames[0]).
Attached file testcase 2 
I think this isn't a same-origin issue at all.  When an iframe has an id attribute (but not a name attribute), Firefox doesn't do the global-scope-pollution thing.  I also don't think this is a change from Firefox 3.5.
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: