[Webkit-unassigned] [Bug 64079] New: Sandboxed iframe gives misleading xss-error
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 7 04:36:02 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=64079
Summary: Sandboxed iframe gives misleading xss-error
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Minor
Priority: P2
Component: Frames
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: pasi at workflower.fi
Trying to access same-origin content of a sandboxed iframe <iframe src="..." sandbox> gives a misleading error-message.
"Unsafe JavaScript attempt to access frame with URL http://domain.com/url1 from frame with URL http://domain.com/url2app/html/app.html. Domains, protocols and ports must match."
Error message should reference the sandboxed state to be useful.
"Prevented access to sandboxed iframe."
In my example, I used the following jQuery:
$('#iframeId').contents();
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list