[Webkit-unassigned] [Bug 235893] New: Accessing `window.frameElement` should not report error if parent is cross-origin
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 31 08:37:06 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=235893
Bug ID: 235893
Summary: Accessing `window.frameElement` should not report
error if parent is cross-origin
Product: WebKit
Version: Safari 15
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: robertknight at gmail.com
Calling `window.frameElement` from an iframe with a cross-origin parent returns `null` in Chrome, Firefox and Safari. In Safari it additionally results in a console error with the text "Blocked a frame with origin $IFRAME_ORIGIN from accessing a frame with origin $PARENT_ORIGIN. Protocols, domains and ports must match." In Chrome/Firefox no such error is reported.
The specification [1] just says that the access should return null in this situation, it doesn't mention this access being an error. It looks like this may relate to a standards change described in https://github.com/whatwg/html/pull/266.
We came across this as our application had code that checked for null-ness of `window.frameElement` and then executed different code depending on whether the child frame can reach into the parent or not. Both cases are regarded as non-error scenarios in our context.
[1] https://html.spec.whatwg.org/multipage/browsers.html#dom-frameelement
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220131/91b79dea/attachment-0001.htm>
More information about the webkit-unassigned
mailing list