[Webkit-unassigned] [Bug 16444] New: Cross-frame scripting not working in Safari 3.0.4 despite proper document.domain set in all frames

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Dec 14 16:53:09 PST 2007 

http://bugs.webkit.org/show_bug.cgi?id=16444

           Summary: Cross-frame scripting not working in Safari 3.0.4
                    despite proper document.domain set in all frames
           Product: WebKit
           Version: 523.x (Safari 3)
          Platform: All
               URL: http://frameset.ds2ps.net/frames-test/frameset.html
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: s.skugarev at providesupport.com


Hello,

I've found that cross-frame scripting is not working in Safari 3.0.4, as it
worked
ok on Safari 3.0.1, and in other browsers I tried: Firefox, Mozilla, IE.

document.domain property is set to "ds2ps.net", correctly to the best of my
knowledge
in the frameset and in both frames. Both frames and frameset are loaded
from subdomains of the same domain "ds2ps.net"

Please have a look at this mimimal example:
http://frameset.ds2ps.net/frames-test/frameset.html

Press buttons to get alert with value of a variable defined in the frameset
and in the first frame.

This gives "undefined" in Safari 3.0.4, and give following message in Safari
JavaScript console:

Unsafe JavaScript attempt to access frame with URL
http://frameset.ds2ps.net/frames-test/frameset.html from frame with URL
http://frame2.ds2ps.net/frames-test/frame2.html. Domains, protocols and ports
must match.

Works ok in all other browsers and in earlier versions of Safari.

I would appreciate if Apple Safari developers have a look at this problem and
suggest solution.
My company is developing web application which depends on cross-frame
scripting,
and we would like to continue supporting Safari browser.

Thank you.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list