Closed Bug 82344 Opened 24 years ago Closed 24 years ago

javascript failing in frameset located on multiple domains

Categories

(Core :: DOM: Core & HTML, defect)

x86
Linux
defect
Not set
major

VERIFIED DUPLICATE of bug 52920

People

(Reporter: olafbuddenhagen, Assigned: jst)

Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.13 i686; en-US; rv:0.9+) Gecko/20010522
BuildID:    2001052213

In a frameset with the frames located at a different domain than the frameset
definition, access to "top" (or "parent") causes a javascript exception.

Reproducible: Always
Steps to Reproduce:
1. open a page on foo.net containing some frames located at bar.net
2. in one of the frames at bar.net, start a javascript containing something like:
   top.frame[0].location.href="http://bar.net/barfoo.html"

Actual Results:  Mozilla reports "javascript: line 0: uncaught exception: access
to property denied" or something like that (I don't remember the exact wording...)

Expected Results:  load barfoo.html in frame 0

Sorry, no URL, as the site using this requires registration. However, if you
have access to multiple computers or a multihost, it shouldn't be too hard to
reproduce...

Note on reproducibility: I can *not* reproduce the error message itself anymore
-- it *was* reproducible, but somehow is no longer (although I tried even with
the same build, I think)...

However, the problem itself *is* reproducible (it does not print anything, but
stops the script anyhow), and has been there for months.

Looks a lot like bug 56053 to me.  Sounds like a cross domain security feature.

This _is_ a security feature.  See bug 45099 for some discussion and a possible
security exploit scenario.

Marking duplicate.

*** This bug has been marked as a duplicate of 52920 ***
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
verified dupe.
Status: RESOLVED → VERIFIED
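
The cross-domain check the comments refer to, modelled on the reporter's foo.net / bar.net frameset. This is an added example, not code from Mozilla or from this bug; the function names and file names are hypothetical, and the model is simplified to a plain comparison of scheme, host and port.

```javascript
// Added illustration: a simplified model of the same-origin comparison,
// not browser source. Real browsers exempt a small set of window members.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin tuple (scheme, host, port).
function originOf(url) {
  const u = new URL(url);
  // URL() drops a default port, so restore it to compare :80 with no port.
  return [u.protocol, u.hostname, u.port || DEFAULT_PORTS[u.protocol] || ""];
}

function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x.every((part, i) => part === y[i]);
}

// Error text as quoted in the report above.
const DENIED = "access to property denied";

// May a script loaded from callerUrl read properties of the document at targetUrl?
function checkAccess(callerUrl, targetUrl) {
  return sameOrigin(callerUrl, targetUrl) ? "allowed" : DENIED;
}

// Constructed layout following the steps to reproduce (file names hypothetical).
const layout = {
  top: "http://foo.net/frameset.html",
  frames: ["http://bar.net/menu.html", "http://bar.net/content.html"],
};

function simulate(l) {
  const caller = l.frames[1]; // the script runs in a frame served from bar.net
  return {
    toTop: checkAccess(caller, l.top),
    toSibling: checkAccess(caller, l.frames[0]),
    toSiblingHttps: checkAccess(caller, "https://bar.net/menu.html"),
    toSubdomain: checkAccess(caller, "http://www.bar.net/menu.html"),
  };
}

console.log(simulate(layout));
```

The sibling frame is same-origin with the caller, but the script in the report reaches it through `top`, which is served from foo.net, so the first property read on `top` is the one that gets refused.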