In NN3/4 and in IE you can set the location of a frame even if the frame is on a different server, they disallow only read access to the location. Mozilla however throws an exception "access denied" when you try to change the location. This is incomptatible with common practice in other web browsers. Example <HTML> <HEAD> </HEAD> <FRAMESET ROWS="50%, 50%" ONLOAD="frames.location.replace('http://www.yahoo.com')"> <FRAME SRC="about: blank"> <FRAME SRC="http://www.kibo.com"> </FRAMESET> </HTML> shows an exception in the js console instead of loading the new url.
Created attachment 19622 [details] test case (tries to load url in frame which causes exception in the js console)
Over to security...
Assignee: jst → mstoltz
Oversight on my part...easy fix. Just need to open up the replace() function.
Status: NEW → ASSIGNED
Actually, to open up location.replace, I need to make document.location readable, which would allow reading the location of another window, which is bad. A workaround is to use location= instead of location.replace(), since location is writeable but not readable. Let's revisit this if and when DOM moves to XPConnect; it may be easier to fix then.
Target Milestone: --- → Future
This is a dup of 56053. That bug is about location.href rather than location, but the cause is the same: window.location is write-only, and the security manager does a "read" check on location when location.replace() is called or location.href assigned to. *** This bug has been marked as a duplicate of 56053 ***
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.