Closed
Bug 82344
Opened 24 years ago
Closed 24 years ago
javascript failing in frameset located on multiple domains
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
People
(Reporter: olafbuddenhagen, Assigned: jst)
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.13 i686; en-US; rv:0.9+) Gecko/20010522 BuildID: 2001052213 In a framset with the frames located at a different domain than the frameset definition, access to "top" (or "parent") causes a javascript exception. Reproducible: Always Steps to Reproduce: 1.open a page on foo.net containing some frames located at bar.net 2.in one of the frames at bar.net, start a javascript containing something like: top.frame[0].location.href="http://bar.net/barfoo.html" Actual Results: mozilla reports "javascript: line 0: uncaught exception: access to property denied" or something the like (I don't remember the exact wording...) Expected Results: load barfoo.html in frame 0 Sorry, no URL, as the site using this requires registration. However, if you have access to multiple computers or a multihost, it shouldn't be too hard to reproduce... Note on reproducibility: I can *not* reproduce the error message itself anymore -- it *was* reproducible, but somehow is no longer (although I tried even with the same build, I think)... However, the problem itself *is* reproducible (it does not print anything, but stops the script anyhow), and has been there for months.
Comment 1•24 years ago
|
||
Looks alot like bug 56053 to me. Sounds like a cross domain security feature.
Comment 2•24 years ago
|
||
This _is_ a security feature. See bug 45099 for some discussion and a possible security exploit scenario. Marking duplicate. *** This bug has been marked as a duplicate of 52920 ***
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•