Closed Bug 60689 Opened 24 years ago Closed 24 years ago

Break frames java script doesnt work.

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect, P3)

Product:
Core
Component:
Layout: Images, Video, and HTML Frames
Platform:
x86
Windows 2000
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 68782
Milestone:
Future

People

(Reporter: seany187, Assigned: security-bugs)

References

(
URL
)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; m18) Gecko/20001119 BuildID: 2000111908 The break frames for this page doesnt not work. If it does have frames the layout gets messed up. I am not sure what the exact cause it but I beleive it has something to do with the break frames not working. Reproducible: Always Steps to Reproduce: go to the site in mozilla Actual Results: layout is messed up Expected Results: normal layout
Browser, not engine --> Layout
Assignee: rogerl → clayton
Component: Javascript Engine → Layout
QA Contact: pschwartau → petersen
Chnaging to HTML Frames
Assignee: clayton → pollmann
Status: UNCONFIRMED → NEW
Component: Layout → HTMLFrames
Ever confirmed: true
reporter does this still happen in recent nightlies? it works for me on mozilla0.8 Thanks!
It is still a bug in the latest builds. But, the page layout in no longer messed up but it still does not break frames.
Frameset document loads from: http://diablo2.cheatlist.com/ and the "break frames" javascript is in a frame of this frameset named "cheatlist.com" with a source of: http://www.dcemulation.com/diablo2/ and is: if (top.location !=self.location) {top.location=self.location} this code throws a frame security error. This is because NN 6 has access to other frame *window* objects from different domains restricted to the same policy as NN 4+ frame *document* restrictions from different domains. Even if the code were: if (top.frames["cheatlist.com"] == self) {top.location=self.location} it would still throw an error because with NN 6 ( unlike previous NN releases ) you do not have access to the frames array because you do not have access to the window since it is a different domain - the frame "cheatlist.com" can't even reference itself if it goes through a parent frame that is from a different domain! It is my contention that this is a bug in that the security restriction is too tight. Other frame capable browsers such as IE 4+ and NN 4+ allow access to window objects across domains because they do not reveal anything and allow developers a way to break out of frames ( top.frames.length for example ). Also there are site developers who want their frameset documents to be different domains than their frames so they can farm out web pages, two sibling frames window objects from the same domain cannot access one another if their parent frame is a different domain. Bug 54060 has the exact same error message ( possible dup ) that this scenario causes. Tested with Mozilla Build 2001030505.
Target Milestone: --- → Future
assigning to mstoltz to check if this is dup of 54060
Assignee: pollmann → mstoltz
*** This bug has been marked as a duplicate of 68782 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verified dup.
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in before you can comment on or make changes to this bug.