[Webkit-unassigned] [Bug 165412] top.location.assign is undefined inside non-sandboxed iframe on different origin
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 7 17:14:16 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=165412
Daniel Bates <dbates at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Daniel Bates <dbates at webkit.org> ---
(In reply to comment #0)
> top.location.assign is undefined inside an iframe. For example,
>
> top: https://hello.com
> iframe: https://whatsapp.com
> script loaded from: https://whatsapp.com
> executes -> window.top.location.assign('https://whatever.com') // <- .assign is undefined and throws a security error
This is the correct behavior when accessing/calling location.assign() on a cross-origin Location instance as per <https://html.spec.whatwg.org/multipage/browsers.html#dom-location-assign>.
> [...]
> The expected behavior is that .assign would still work in non-sandboxed
> iframes - similar to replace.
No, this is not correct. See my above remark.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161208/4582333a/attachment.html>
More information about the webkit-unassigned
mailing list