Setting document.domain breaks getSVGDocument and contentDocument

Status: RESOLVED INVALID
Product: Core
Component: DOM
Opened 5 years ago; resolved 5 years ago
Reporter: Jouni T.
Assignee: Unassigned
Version: 23 Branch
Platform: x86, Mac OS X
Firefox Tracking Flags: Not tracked

Description

5 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36

Steps to reproduce:

1. Create file "circle.svg" with the following content:
<svg xmlns="http://www.w3.org/2000/svg" version="1.1">
  <script type="text/ecmascript"><![CDATA[
    document.domain = window.location.host;
  ]]></script>
  <circle cx="100" cy="50" r="40" stroke="black"
  stroke-width="2" fill="red" />
</svg>

2. Create file "circle.html" (in the same folder as file "circle.svg") with the following content:
<html>
    <head>
        <meta charset="utf-8">
        <title>Circle SVG</title>
        <script type="text/javascript">
            window.onload = function()
            {
                document.domain = window.location.host;
                var svgObject = document.getElementById("svg-object").contentDocument;
                console.log(svgObject);
                var svgEmbed = document.getElementById('svg-embed').getSVGDocument();
                console.log(svgEmbed);
            }
        </script>
    </head>
    <body>
        <object id="svg-object" data="circle.svg"></object>
        <embed id="svg-embed" src="circle.svg" width="300" height="150" type="image/svg+xml" />
    </body>
</html>

3. Open file "circle.html" (not through file:// protocol but use http://)
4. Open Tools -> Web Developer -> Web Console


Actual results:

console.log returned 'null' twice


Expected results:

console.log should have returned two SVGDocument objects since their document.domain is the same. If you comment out "circle.html" line "// document.domain = window.location.host;" you can see the expected result.

Updated

5 years ago
Component: Untriaged → DOM
Product: Firefox → Core

Comment 1

5 years ago
Regression window(m-c)
Good:
http://hg.mozilla.org/mozilla-central/rev/c9b8fdfe0299
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130504 Firefox/23.0 ID:20130504032244
Bad: null
http://hg.mozilla.org/mozilla-central/rev/7ef3c04c7533
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130504 Firefox/23.0 ID:20130504140045
pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c9b8fdfe0299&tochange=7ef3c04c7533

Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/78802b1601ed
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130503 Firefox/23.0 ID:20130503144646
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/bfe5c0296c3b
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130503 Firefox/23.0 ID:20130503144744
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=78802b1601ed&tochange=bfe5c0296c3b

Suspected: Bug 829872
Blocks: 829872
Version: 24 Branch → 23 Branch

document.domain is readonly on SVGDocument per-webIDL, so the current behavior is spec correct - the HTML document has an explicit origin set, the SVG document does not, so their effective script origin is different.

I'm curious why this ever worked, though. Firing up an esr build to see what was going on.

Oh, I see. The object was returned, but it was opaque. That's what I'd expect. Testcase hosted here: http://people.mozilla.com/~bholley/testcases/svg-docdomain/circle.html

Jouni, were you able to actually do anything with the objects (access properties, etc), or is the issue just null-vs-non-null? I suspect the latter, in which case this is WONTFIX.
Flags: needinfo?(agony79)
(Reporter)

Comment 4

5 years ago
Bobby: when null is returned, SVG manipulation with JavaScript is impossible. I have a larger & more complex project in development which animates SVG with JavaScript, and if document.domain is set, animation cannot be done.
(Reporter)

Updated

5 years ago
Flags: needinfo?(agony79)

(In reply to Jouni T. from comment #4)
> Bobby: when null is returned, SVG manipulation with JavaScript is
> impossible. I have a larger & more complex project in development which
> animates SVG with JavaScript, and if document.domain is set, animation cannot
> be done.

As noted, document.domain on SVG documents is a read-only property per-spec. You can't set it.

We previously returned non-null, but you got a cross-origin document, which threw a security error if you tried to do anything with it. So I was curious as to what you were able to do with that document before we started returning null.
Flags: needinfo?(agony79)
(Reporter)

Comment 6

5 years ago
I'm not sure what happens if you use an earlier version of Firefox.

Ok. SVG document.domain is read-only. Let's change the test case a bit:

circle.svg:
<svg xmlns="http://www.w3.org/2000/svg" version="1.1">
  <script type="text/ecmascript"><![CDATA[
    //document.domain = window.location.host;
    alert(document.domain);
  ]]></script>
  <circle cx="100" cy="50" r="40" stroke="black"
  stroke-width="2" fill="red" />
</svg>

circle.html:
<html>
    <head>
        <meta charset="utf-8">
        <title>Circle SVG</title>
        <script type="text/javascript">
            window.onload = function()
            {
                document.domain = window.location.host;
                alert(document.domain);
                var svgObject = document.getElementById("svg-object").contentDocument;
                console.log(svgObject);
                var svgEmbed = document.getElementById('svg-embed').getSVGDocument();
                console.log(svgEmbed);
            }
        </script>
    </head>
    <body>
        <object id="svg-object" data="circle.svg"></object>
        <embed id="svg-embed" src="circle.svg" width="300" height="150" type="image/svg+xml" />
    </body>
</html>

Now you should see a total of 3 popups (first one from SVG object, second one from SVG embed and third one from HTML), which all have the same domain (in my test case circle.test.local). And if you comment out the document.domain line from circle.html, all popups still have the same value but null is returned? Why?
Flags: needinfo?(agony79)

(In reply to Jouni T. from comment #6)
> I'm not sure what happens if you use an earlier version of Firefox.

I had assumed that you were filing this bug as a regression - i.e. something that used to work in Firefox, but doesn't anymore.

> Now you should see a total of 3 popups (first one from SVG object, second one
> from SVG embed and third one from HTML), which all have the same domain (in my
> test case circle.test.local). And if you comment out the document.domain line
> from circle.html, all popups still have the same value but null is returned? Why?

Do you mean that null is returned if circle.html contains document.domain, or if it does _not_ contain document.domain? I would expect the former to be true.

I'm pretty sure our current behavior is spec-correct. In general, use of document.domain on the web is highly discouraged.
(Reporter)

Comment 9

5 years ago
(In reply to Bobby Holley (:bholley) from comment #8)
> Do you mean that null is returned if circle.html contains document.domain,
> or if it does _not_ contain document.domain? I would expect the former to be
> true.

null is returned when the HTML contains document.domain.
 
> I'm pretty sure our current behavior is spec-correct. In general, use of
> document.domain on the web is highly discouraged.

So basically if you have to use document.domain for some reason, you won't be able to manipulate an embedded SVG object with JavaScript in Firefox? And I still don't understand why Firefox's default document.domain value "same.domain" is different than the JavaScript-set document.domain value "same.domain"?

(In reply to Jouni T. from comment #9)
> null is returned when the HTML contains document.domain.

Ok. That is correct behavior.

> > I'm pretty sure our current behavior is spec-correct. In general, use of
> > document.domain on the web is highly discouraged.
> 
> So basically if you have to use document.domain for some reason

You should never have to use document.domain. It's in the spec for compatibility reasons, but all new sites should use postMessage to communicate across origins.

> you won't
> be able to manipulate an embedded SVG object with JavaScript in Firefox?

Or any other browser that is spec-compliant on this issue.

> And I
> still don't understand why Firefox's default document.domain value
> "same.domain" is different than the JavaScript-set document.domain value
> "same.domain"?

See the "Notes" section of https://developer.mozilla.org/en-US/docs/Web/API/document.domain.

Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INVALID
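
Added example, not part of the bug thread and not browser source code: a small model of the HTML Standard's "same origin-domain" comparison, showing why a document that assigns document.domain stops matching a same-host document that has not, even though both report the same string. The function names are hypothetical, opaque origins are not modelled, and the host name is the one from the reporter's test case.

```javascript
// Model of the HTML Standard's "same origin-domain" check (tuple origins only;
// opaque origins are not modelled). Function names are hypothetical.
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

// An origin is (scheme, host, port, domain); domain is null until a script
// assigns document.domain.
function originOf(url) {
  const u = new URL(url);
  const port = u.port === "" ? DEFAULT_PORTS[u.protocol] : Number(u.port);
  return { scheme: u.protocol, host: u.hostname, port, domain: null };
}

// Effect of `document.domain = value`. The real setter also checks that value
// is the current host or a parent domain of it; that check is omitted here.
function setDocumentDomain(origin, value) {
  return { ...origin, domain: value };
}

function sameOriginDomain(a, b) {
  if (a.scheme !== b.scheme) return false;
  // Both documents opted in: domains are compared and the port is ignored.
  if (a.domain !== null && b.domain !== null) return a.domain === b.domain;
  // Neither opted in: ordinary same-origin comparison, port included.
  if (a.domain === null && b.domain === null) {
    return a.host === b.host && a.port === b.port;
  }
  // Only one side set document.domain: never a match, even for equal hosts.
  return false;
}

// Constructed scenario using the host name from the reporter's test case.
function demo() {
  const html = originOf("http://circle.test.local/circle.html");
  const svg = originOf("http://circle.test.local/circle.svg");
  const htmlSet = setDocumentDomain(html, "circle.test.local");
  const svgSet = setDocumentDomain(svg, "circle.test.local");
  return {
    neitherSet: sameOriginDomain(html, svg),     // plain same-origin case
    onlyHtmlSet: sameOriginDomain(htmlSet, svg), // the case in this bug
    bothSet: sameOriginDomain(htmlSet, svgSet),  // needs a writable setter on both sides
  };
}

console.log(demo());
```

The `onlyHtmlSet` case is the one reported here: the HTML document opted in, the SVG document could not, so the comparison fails regardless of the matching host string.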