Closed
Bug 60979
Opened 24 years ago
Closed 24 years ago
frameRef.location.replace('someURl') causes exception when frame is on a different server
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
Future
People
(Reporter: martin.honnen, Assigned: security-bugs)
Details
Attachments
(1 file)
In NN3/4 and in IE you can set the location of a frame even if the frame is on a
different server, they disallow only read access to the location.
Mozilla however throws an exception "access denied" when you try to change the
location. This is incomptatible with common practice in other web browsers.
Example
<HTML>
<HEAD>
</HEAD>
<FRAMESET ROWS="50%, 50%"
ONLOAD="frames[1].location.replace('http://www.yahoo.com')">
<FRAME SRC="about: blank">
<FRAME SRC="http://www.kibo.com">
</FRAMESET>
</HTML>
shows an exception in the js console instead of loading the new url.
Reporter | ||
Comment 1•24 years ago
|
||
Assignee | ||
Comment 3•24 years ago
|
||
Oversight on my part...easy fix. Just need to open up the replace() function.
Status: NEW → ASSIGNED
Assignee | ||
Comment 4•24 years ago
|
||
Actually, to open up location.replace, I need to make document.location
readable, which would allow reading the location of another window, which is
bad. A workaround is to use location= instead of location.replace(), since
location is writeable but not readable. Let's revisit this if and when DOM moves
to XPConnect; it may be easier to fix then.
Target Milestone: --- → Future
Assignee | ||
Comment 5•24 years ago
|
||
This is a dup of 56053. That bug is about location.href rather than location,
but the cause is the same: window.location is write-only, and the security
manager does a "read" check on location when location.replace() is called or
location.href assigned to.
*** This bug has been marked as a duplicate of 56053 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•