13951 2007-05-31 09:34:57 -0700 "unsafe" error when accessing contentDocument of svg object created with data attribute 2010-01-02 09:56:44 -0800 1 1 1 Unclassified WebKit New Bugs 523.x (Safari 3) Mac OS X 10.4 RESOLVED WONTFIX P2 Normal --- 1 teun webkit-unassigned abarth oldest_to_newest 8650 0 teun 2007-05-31 09:34:57 -0700 On an <object> with data="data:image/svg+xml,<?xml..." i am not allowd to access the objectElement.contentDocument. The followin error is given: Unsafe JavaScript attempt to access frame with URL data:image/svg+xml,%3C?xml%20version=%221 ... 94%3C/text%3E%3C/g%3E%3C/svg%3E from frame with URL http://local.domain.tld/html/. Domains must match. Since the object was created from the current document, one would expect to be able to access it. 8648 1 14804 teun 2007-05-31 09:45:31 -0700 Created attachment 14804 HTML file that creates an SVG object and attempts to access its contentDocument 8481 2 ddkilzer 2007-06-01 08:11:10 -0700 Confirmed with a local debug build of WebKit r21911 with Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135). JavaScript Console: Unsafe JavaScript attempt to access frame with URL data:image/svg+xml,%3C?xml%20version=%221.0%22%20encoding=%22UTF-8%22?%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20version=%221.1%22%20baseProfile=%22full%22%20width=%22100%%22%20height=%22100%%22%20viewBox=%220%200%20350%20235%22%3E%3Crect%20x=%220%22%20y=%2233%22%20width=%22350%22%20height=%22133%22%20fill=%22red%22/%3E%3C/svg%3E from frame with URL http://bugs.webkit.org/attachment.cgi?id=14804. Domains must match. 176332 3 abarth 2010-01-02 09:56:44 -0800 This is a consequence of WebKit treating data URLs as having a unique origin. There's been some debate about whether we should change that behavior globally. If/when we do that, this bug will be fixed as a consequence. 14804 2007-05-31 09:45:31 -0700 2007-05-31 09:45:31 -0700 HTML file that creates an SVG object and attempts to access its contentDocument svgobject.html text/html 1071 teun PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEgVHJhbnNpdGlvbmFs Ly9FTiI+DQo8aHRtbD4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iY29udGVudC10eXBlIiBj b250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjUwIj4NCjx0aXRsZT5XZWJraXQg QnVnIDEzOTUxIHRlc3RjYXNlPC90aXRsZT4NCjxzY3JpcHQ+DQp2YXIgaW5pdCA9IGZ1bmN0aW9u KCkNCnsNCgl2YXIgc3ZnT2JqZWN0ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgib2JqZWN0Iik7 DQoJc3ZnT2JqZWN0LnNldEF0dHJpYnV0ZSgidHlwZSIsICJpbWFnZS9zdmcreG1sIik7DQoJc3Zn T2JqZWN0LnNldEF0dHJpYnV0ZSgic3R5bGUiLCAid2lkdGg6IDEwMCU7IGhlaWdodDogMTAwJTsg bWFyZ2luOiAwOyIpOw0KCXN2Z09iamVjdC5zZXRBdHRyaWJ1dGUoImRhdGEiLCAnZGF0YTppbWFn ZS9zdmcreG1sLDw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+PHN2ZyB4bWxu cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3Lncz Lm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjEiIGJhc2VQcm9maWxlPSJmdWxsIiB3aWR0aD0i MTAwJSIgaGVpZ2h0PSIxMDAlIiB2aWV3Qm94PSIwIDAgMzUwIDIzNSI+PHJlY3QgeD0iMCIgeT0i MzMiIHdpZHRoPSIzNTAiIGhlaWdodD0iMTMzIiBmaWxsPSJyZWQiLz48L3N2Zz4nKTsNCglkb2N1 bWVudC5ib2R5LmFwcGVuZENoaWxkKHN2Z09iamVjdCk7DQp9Ow0KdmFyIG1ha2VFcnJvciA9IGZ1 bmN0aW9uKCkNCnsNCgl2YXIgb2JqZWN0ID0gZG9jdW1lbnQuYm9keS5nZXRFbGVtZW50c0J5VGFn TmFtZSgib2JqZWN0IilbMF07DQoJYWxlcnQob2JqZWN0LmNvbnRlbnREb2N1bWVudCk7DQp9Ow0K PC9zY3JpcHQ+DQo8L2hlYWQ+DQo8Ym9keSBvbmxvYWQ9ImluaXQoKTsiPg0KPGJ1dHRvbiBvbmNs aWNrPSJtYWtlRXJyb3IoKTsiPkNyZWF0ZSB0aGUgInVuc2FmZSAuLi4iIGVycm9yPC9idXR0b24+ PGJyLz4NCnJlZCBzdmcgcmVjdGFuZ2xlOg0KPC9ib2R5Pg0KPC9odG1sPg0K