[Webkit-unassigned] [Bug 45622] New: Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL ... Domains, protocols and ports must match.

Sun Sep 12 15:48:32 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=45622

           Summary: Unsafe JavaScript attempt to access frame with URL
                    about:blank from frame with URL ... Domains, protocols
                    and ports must match.
           Product: WebKit
           Version: 525.x (Safari 3.2)
          Platform: Macintosh Intel
               URL: http://www.scottschmitz.com/SignOnTest.php
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: scott at realorganized.com

I execute the following URL:

http://www.scottschmitz.com/SignOnTest.php

which is basically code that will sign into and out of the Google Contacts API.  When I run using Safari 5.01, I get an error:

Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL h... Domains, protocols and ports must match.

The page at https://www.google.com/accounts/AuthSubRevokeTokenJS ran insecure content from http://www.google.com/uds/modules/gdata/gdata-xd.js.

I believe that this bug relates to the additional of XSS Auditor code which tries to stop malicious code from executing.  IE8 has similar code and I am able to disable errors from IE by adding this header:
X-XSS-Protection: 0

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.