<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - top.location.assign is undefined inside non-sandboxed iframe on different origin"

   href="https://bugs.webkit.org/show_bug.cgi?id=165412">165412</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>top.location.assign is undefined inside non-sandboxed iframe on different origin

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>WebKit

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>Safari 10

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>iPhone / iPad

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>iOS 10

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P2

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Frames

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>webkit-unassigned&#64;lists.webkit.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>mkhatib727&#64;gmail.com

          </td>

        </tr></table>

      <p>

        <div>

        <pre>top.location.assign is undefined inside an iframe. For example,

top: <a href="https://hello.com">https://hello.com</a>

  iframe: <a href="https://whatsapp.com">https://whatsapp.com</a>

     script loaded from: <a href="https://whatsapp.com">https://whatsapp.com</a>

        executes -&gt; window.top.location.assign('<a href="https://whatever.com">https://whatever.com</a>') // &lt;- .assign is undefined and throws a security error

        executes -&gt; window.top.location.replace('<a href="https://whatever.com">https://whatever.com</a>') // &lt;- .replace is NOT undefined and works as expected

        executes -&gt; window.top.location.href = '<a href="https://whatever.com">https://whatever.com</a>' // &lt;- works as expected

Errors thrown by .assign:

window.top.location.assign is not a function. (In 'window.top.location.assign(url)', 'window.top.location.assign' is undefined)

Blocked a frame with origin '<a href="https://whatsapp">https://whatsapp</a>' from accessing a frame with origin '<a href="https://hello.com">https://hello.com</a>'. Protocols, domains, and ports must match.

The expected behavior is that .assign would still work in non-sandboxed iframes - similar to replace.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>