14248 2007-06-20 15:36:14 -0700 Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match" 2009-12-07 13:00:14 -0800 1 1 1 Unclassified WebKit Frames 523.x (Safari 3) Mac OS X 10.4 RESOLVED FIXED P2 Normal --- 0 madhu.mukund webkit-unassigned abarth fiedler.andre grahamperrin sam oldest_to_newest 6991 0 madhu.mukund 2007-06-20 15:36:14 -0700 Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match" error while accessing a child frame which has domain name similar to that of the parent domain. For eg. if the parent domain is 'myloc.app.server.com' and child frame is having domain as "app.server.com" it shows this javascript error and denies the permission to access the child frame. It is allowed in IE and Firefox. In WebKit also it allows to assign a new domain name to the child frame (through some domain relaxation script) provided it is a valid part of the parent domain name. So a child frame can have a new domain name like 'app.server.com'. But later it denies the permission to access this frame as the domain is not matching with the parent. 6975 1 15150 madhu.mukund 2007-06-20 17:39:04 -0700 Created attachment 15150 Sample html showing the error of domain mismatch This html shows the error due to domain mismatch. It is not allowing to access the child frame once the domain is changed for it. It is allowing to change the domain, since the new domain is a substring of the parent domain. 169388 2 fiedler.andre 2009-12-07 11:16:12 -0800 Same error for me in Safari 4.0.4... no JavaScript. Take a look at: http://www.eazyshoppinglist.com/ just HTML & CSS 169425 3 abarth 2009-12-07 12:26:33 -0800 This is fixed at TOT. Please confirm by trying a nightly build from http://nightly.webkit.org/ 169435 4 fiedler.andre 2009-12-07 13:00:14 -0800 Yes, works for me! Thx! :o) 15150 2007-06-20 17:39:04 -0700 2007-06-20 17:39:04 -0700 Sample html showing the error of domain mismatch domain_relax.html text/html 1307 madhu.mukund PGh0bWw+CjxoZWFkPgoJPHRpdGxlPlNhZmFyaSBUZXN0PC90aXRsZT4KCTxzY3JpcHQgbGFuZ3Vh Z2U9ImphdmFzY3JpcHQiPgoJCgl2YXIgaW5kZXg9MDsKCQoJZnVuY3Rpb24gY3JlYXRlZnJhbWUo KQoJewoJCWluZGV4Kys7CgkJdmFyIG9GcmFtZXNDb250YWluZXIgPSBkb2N1bWVudC5nZXRFbGVt ZW50c0J5VGFnTmFtZSgiQk9EWSIpLml0ZW0oMCk7CgkJdmFyIG9GcmFtZSA9IGRvY3VtZW50LmNy ZWF0ZUVsZW1lbnQoIklGUkFNRSIpOwoJCW9GcmFtZS5zZXRBdHRyaWJ1dGUoIm5hbWUiLCJ0ZXN0 IitpbmRleCk7CgkJb0ZyYW1lLnNldEF0dHJpYnV0ZSgic3JjIiwiIik7CgkJb0ZyYW1lLnNldEF0 dHJpYnV0ZSgic3R5bGUiLCJ3aWR0aDo0MDBweDtoZWlnaHQ6MzAwcHg7Ym9yZGVyOjFweCBzb2xp ZCByZWQiKTsKCQlvRnJhbWUuc2V0QXR0cmlidXRlKCJ0YWJpbmRleCIsIi0xIik7CgkJb0ZyYW1l LnNldEF0dHJpYnV0ZSgiZnJhbWVib3JkZXIiLCIwIik7CiAgICAJb0ZyYW1lLnNldEF0dHJpYnV0 ZSgiYm9yZGVyIiwibm8iKTsKICAgIAlvRnJhbWUuc2V0QXR0cmlidXRlKCJzY3JvbGxpbmciLCJu byIpOwogICAgCW9GcmFtZXNDb250YWluZXIuYXBwZW5kQ2hpbGQob0ZyYW1lKTsKICAgIAkKICAg IAl2YXIgY2hpbGRGcmFtZSA9d2luZG93LmZyYW1lc1sndGVzdCcraW5kZXhdOwogICAgCXZhciBo bmFtZSA9IGRvY3VtZW50LmRvbWFpbjsKICAgIAl2YXIgY2hpbGREb21haW4gPWhuYW1lLnN1YnN0 cihobmFtZS5pbmRleE9mKCcuJykrMSk7CiAgICAJCgkgICAgdmFyIHN0ckNvbnRlbnQgPSAiPGh0 bWw+PGhlYWQ+IisiPHNjIisicmlwdD4iICsgCgkJCQkJCSJkb2N1bWVudC5kb21haW49XCIiK2No aWxkRG9tYWluKyJcIiA7ICIrCgkJCQkJCSI8XC9zYyIrInJpcHQ+PFwvaGVhZD48Ym9keT5UZXN0 aW5nIGRvY3VtZW50LmRvbWFpbiAiK2luZGV4OwoJCQkKCQlzdHJDb250ZW50Kz0iPFwvYm9keT48 XC9odG1sPiI7CiAgICAJY2hpbGRGcmFtZS53aW5kb3cuZG9jdW1lbnQud3JpdGUoc3RyQ29udGVu dCk7CiAgICAJYWxlcnQoY2hpbGRGcmFtZS53aW5kb3cuZG9jdW1lbnQubmFtZSk7CiAgICAJY2hp bGRGcmFtZS53aW5kb3cuZG9jdW1lbnQuY2xvc2UoKTsKICAgCQkKCX0KCTwvc2NyaXB0Pgo8L2hl YWQ+Cjxib2R5PgoJPGgzPlRlc3RpbmcgRG9jdW1lbnQuZG9tYWluIGluIHBhcmVudCBhbmQgY2hp bGQgZnJhbWVzPC9oMz4KPEJSPgo8aW5wdXQgdHlwZSA9ICJidXR0b24iIHZhbHVlID0iY3JlYXRl IGZyYW1lIiBvbmNsaWNrID0gImNyZWF0ZWZyYW1lKCkiPgoKPC9ib2R5Pgo8L2h0bWw+Cgo=