Closed
Bug 742728
Opened 12 years ago
Closed 10 years ago
Changing document.domain fails to protect DOM access
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 655649
People
(Reporter: daniel, Unassigned)
Details
Attachments
(1 file)
831 bytes,
text/plain
|
Details |
After changing the value of document.domain in an iframe, I tried accessing the DOM in the parent window and it didn't raise any error! Accessing window.top.document.location raised the expected security error, but accessing window.top.document.body (or any sub-element) did not. This is only a problem if the iframe was loaded from the same hostname as the parent window. Look at the attached testcase and compare the behavior with Chrome / IE.
Comment 2•10 years ago
|
||
Fixed since Firefox 16.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•