frameRef.location.replace('someURl') causes exception when frame is on a different server

VERIFIED DUPLICATE of bug 56053

Status

()

Core
DOM: Core & HTML
P3
normal
VERIFIED DUPLICATE of bug 56053
18 years ago
18 years ago

People

(Reporter: Martin Honnen, Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
Future
x86
Other
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
In NN3/4 and in IE you can set the location of a frame even if the frame is on a
different server, they disallow only read access to the location.
Mozilla however throws an exception "access denied" when you try to change the
location. This is incomptatible with common practice in other web browsers.

Example

<HTML>
<HEAD>

</HEAD>
<FRAMESET ROWS="50%, 50%"
          ONLOAD="frames[1].location.replace('http://www.yahoo.com')">
<FRAME SRC="about: blank">
<FRAME SRC="http://www.kibo.com">
</FRAMESET>
</HTML>

shows an exception in the js console instead of loading the new url.
(Reporter)

Comment 1

18 years ago
Created attachment 19622 [details]
test case (tries to load url in frame which causes exception in the js console)
Over to security...
Assignee: jst → mstoltz
(Assignee)

Comment 3

18 years ago
Oversight on my part...easy fix. Just need to open up the replace() function.
Status: NEW → ASSIGNED
(Assignee)

Comment 4

18 years ago
Actually, to open up location.replace, I need to make document.location
readable, which would allow reading the location of another window, which is
bad. A workaround is to use location= instead of location.replace(), since
location is writeable but not readable. Let's revisit this if and when DOM moves
to XPConnect; it may be easier to fix then.
Target Milestone: --- → Future
(Assignee)

Comment 5

18 years ago
This is a dup of 56053. That bug is about location.href rather than location,
but the cause is the same: window.location is write-only, and the security
manager does a "read" check on location when location.replace() is called or
location.href assigned to.

*** This bug has been marked as a duplicate of 56053 ***
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE

Comment 6

18 years ago
VERIFIED dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.