RESOLVED WONTFIX 13951
"unsafe" error when accessing contentDocument of svg object created with data attribute 
https://bugs.webkit.org/show_bug.cgi?id=13951
Summary "unsafe" error when accessing contentDocument of svg object created with data...
Teun
Reported 2007-05-31 09:34:57 PDT
On an <object> with data="data:image/svg+xml,<?xml..." i am not allowd to access the objectElement.contentDocument. The followin error is given: Unsafe JavaScript attempt to access frame with URL data:image/svg+xml,%3C?xml%20version=%221 ... 94%3C/text%3E%3C/g%3E%3C/svg%3E from frame with URL http://local.domain.tld/html/. Domains must match. Since the object was created from the current document, one would expect to be able to access it.
Attachments
HTML file that creates an SVG object and attempts to access its contentDocument (1.05 KB, text/html)
2007-05-31 09:45 PDT, Teun 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Teun
Comment 1 2007-05-31 09:45:31 PDT
Created attachment 14804 [details] HTML file that creates an SVG object and attempts to access its contentDocument
David Kilzer (:ddkilzer)
Comment 2 2007-06-01 08:11:10 PDT
Confirmed with a local debug build of WebKit r21911 with Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135). JavaScript Console: Unsafe JavaScript attempt to access frame with URL data:image/svg+xml,%3C?xml%20version=%221.0%22%20encoding=%22UTF-8%22?%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20version=%221.1%22%20baseProfile=%22full%22%20width=%22100%%22%20height=%22100%%22%20viewBox=%220%200%20350%20235%22%3E%3Crect%20x=%220%22%20y=%2233%22%20width=%22350%22%20height=%22133%22%20fill=%22red%22/%3E%3C/svg%3E from frame with URL http://bugs.webkit.org/attachment.cgi?id=14804. Domains must match.
Adam Barth
Comment 3 2010-01-02 09:56:44 PST
This is a consequence of WebKit treating data URLs as having a unique origin. There's been some debate about whether we should change that behavior globally. If/when we do that, this bug will be fixed as a consequence.
Note You need to log in before you can comment on or make changes to this bug.