[webkit-dev] Throwing SECURITY_ERR on cross-origin window.location property accesses

Rob Barreca rob at sproutinc.com
Wed Aug 25 18:06:10 PDT 2010


On Mon, Aug 16, 2010 at 2:16 PM, Sam Weinig <sam.weinig at gmail.com> wrote:

> I am not sure I agree. Does our behavior actually cause any real bugs in
> the places you have tracked down? The log spam really doesn't seem like an
> issue, we can remove it if we want to, but have found it useful in the
> past.

There is definitely a bug and a real-world use case for this for WebKit. At
Sprout (http://sproutinc.com) we have a generic platform to design mobile
HTML5 ads which are served inside an IFRAME. We allow designers to link
elements in the top window and a new window. If they choose "top window", in
Android 2.2 when we do "window.top.location.href = url", instead of going to
the URL or just halting code execution, the browser refreshes the current
top-level page.

We need a way to test for the security exception or at least detect some
other property of window.top and then do window.open(url) instead when that
security error is trapped or we detect different-origin.

-- 
Rob Barreca
Director of Development
Sprout, Inc.
Mobile: 808.224.1905

Confidential and Proprietary Property of Sprout; Do not distribute.  The
information contained in this email is confidential.  This information is
intended for use only by the individual to whom it is addressed. If you are
not the intended recipient, you are hereby notified that any use,
dissemination, distribution or copying of this communication and its
contents is strictly prohibited. If you have received this email in error,
please immediately notify the sender by return email and delete this email
and attachments, and destroy all copies.
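
The fallback requested in the message above, sketched as an added example (not code from the original post or from WebKit). The helper names, URLs and stand-in window objects are hypothetical, and it assumes a cross-origin read of window.top.location.href either throws or yields a non-string value, depending on the engine.

```javascript
// Added example: hypothetical helper names; `win` is any window-like object.

// Returns true only when the top window's location can be read as a string.
// Assumption: a cross-origin read either throws a security exception or
// yields a non-string (undefined), depending on the engine.
function canReadTop(win) {
  try {
    if (win.top === win) return true; // not framed: we are the top window
    var href = win.top.location.href;
    return typeof href === 'string' && href.length > 0;
  } catch (e) {
    return false; // security exception trapped: treat as different-origin
  }
}

// Navigate the top window when it is same-origin, otherwise open a new window.
function openLink(win, url) {
  if (canReadTop(win)) {
    win.top.location.href = url;
    return 'top';
  }
  win.open(url, '_blank');
  return 'new-window';
}

// Constructed stand-ins for the three cases, so the logic runs outside a browser.
function fakeFrame(kind) {
  var top = { location: {} }, opened = [];
  if (kind === 'same-origin') top.location.href = 'http://publisher.example/page';
  if (kind === 'throws') {
    Object.defineProperty(top.location, 'href', {
      get: function () { throw new Error('SECURITY_ERR'); },
      set: function () {}
    });
  }
  // kind === 'silent': href stays undefined, as in an engine that does not throw
  return { top: top, opened: opened, open: function (u) { opened.push(u); } };
}

// Runs one case and reports which path was taken and what was opened.
function demo(kind) {
  var win = fakeFrame(kind);
  var path = openLink(win, 'http://ad.example/landing');
  return { path: path, opened: win.opened, win: win };
}
```

In a real ad frame the call would be openLink(window, url) from a click handler, since popup blockers generally allow window.open only in response to a user action.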