<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><span class="vcard"><a class="email" href="mailto:dbates&#64;webkit.org" title="Daniel Bates &lt;dbates&#64;webkit.org&gt;"> <span class="fn">Daniel Bates</span></a>

</span> changed

              <a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED WONTFIX - top.location.assign is undefined inside non-sandboxed iframe on different origin"

   href="https://bugs.webkit.org/show_bug.cgi?id=165412">bug 165412</a>

        <br>

             <table border="1" cellspacing="0" cellpadding="8">

          <tr>

            <th>What</th>

            <th>Removed</th>

            <th>Added</th>

          </tr>

         <tr>

           <td style="text-align:right;">Status</td>

           <td>NEW

           </td>

           <td>RESOLVED

           </td>

         </tr>

         <tr>

           <td style="text-align:right;">Resolution</td>

           <td>---

           </td>

           <td>WONTFIX

           </td>

         </tr></table>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED WONTFIX - top.location.assign is undefined inside non-sandboxed iframe on different origin"

   href="https://bugs.webkit.org/show_bug.cgi?id=165412#c1">Comment # 1</a>

              on <a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED WONTFIX - top.location.assign is undefined inside non-sandboxed iframe on different origin"

   href="https://bugs.webkit.org/show_bug.cgi?id=165412">bug 165412</a>

              from <span class="vcard"><a class="email" href="mailto:dbates&#64;webkit.org" title="Daniel Bates &lt;dbates&#64;webkit.org&gt;"> <span class="fn">Daniel Bates</span></a>

</span></b>

        <pre>(In reply to <a href="show_bug.cgi?id=165412#c0">comment #0</a>)

<span class="quote">&gt; top.location.assign is undefined inside an iframe. For example,

&gt;   

&gt; top: <a href="https://hello.com">https://hello.com</a>

&gt;   iframe: <a href="https://whatsapp.com">https://whatsapp.com</a>

&gt;      script loaded from: <a href="https://whatsapp.com">https://whatsapp.com</a>

&gt;         executes -&gt; window.top.location.assign('<a href="https://whatever.com">https://whatever.com</a>') // &lt;- .assign is undefined and throws a security error</span >

This is the correct behavior when accessing/calling location.assign() on a cross-origin Location instance as per &lt;<a href="https://html.spec.whatwg.org/multipage/browsers.html#dom-location-assign">https://html.spec.whatwg.org/multipage/browsers.html#dom-location-assign</a>&gt;.

<span class="quote">&gt; [...]

&gt; The expected behavior is that .assign would still work in non-sandboxed

&gt; iframes - similar to replace.</span >

No, this is not correct. See my above remark.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>