3593 2005-06-17 11:50:35 -0700 iFrame Doesn't seem to Respect a local "file://" src 2005-11-11 09:02:36 -0800 1 1 1 Unclassified WebKit Frames 412 Mac OS X 10.4 RESOLVED WORKSFORME P3 Normal --- 1 david mjs ap oldest_to_newest 12475 0 david 2005-06-17 11:50:36 -0700 * SUMMARY When I load a page from my local file system, and point a frame to another file on my file system, the frame will not load the local page. This makes local testing difficult. * STEPS TO REPRODUCE 1. Open the test case in a text editor, and point the frame source to another file on your local file system. 2. Open the test case from your local hard drive. 3. Note how the local file does not load in the iframe, even if you use file:// 4. Change the iframe source to a page served by a Web server (e.g., http://www.apple.com/). 5. Note how the iframe now loads the page. * RESULTS Locale files do not load in iframes, while remote files served by a Web server do. * EXPECTED RESULTS I expect local files to load in iframes just like remote files do. Such is the case in Firefox. This also has ramifications for my JavaScript work, wherein I attempt to assign to frames[0].location.href and nothing happens unless the URL I assign to location is served by a Web server. 12476 1 2446 david 2005-06-17 11:51:09 -0700 Created attachment 2446 Test Case 12524 2 joost 2005-06-18 01:10:34 -0700 Confirmed, but renamed. Safari doens't take file:// for iframe src, it DOES however take http://localhost/ sources. 12525 3 2455 joost 2005-06-18 01:16:33 -0700 Created attachment 2455 Improved and reduced testcase Same procedure as for the first testcase. 16451 4 david 2005-08-11 14:07:34 -0700 FYI, this is also an issue with XMLHttpRequest objects, too: They don't respect a local "file://" src, either. 16469 5 ap 2005-08-11 21:44:28 -0700 Wouldn't this allow "stealing" local documents, thus opening a security hole? For local testing, I use relative URLs, seem to work fine. 16470 6 david 2005-08-11 22:27:40 -0700 No, relative URLs don't work, either. That was my original report. It didn't even occur to me that file:// overall was the problem until Joost de Valk renamed this bug report. One should be able to use file:// locations (relative or absolute) if the refering document is also local. 16490 7 3354 ap 2005-08-12 09:07:29 -0700 Created attachment 3354 A similar case that works 16491 8 ap 2005-08-12 09:10:21 -0700 Indeed, I was speaking about "improved and reduced testcase" by Joost de Valk. In that case, document-relative paths DO work: simply change "file://Users/jdevalk/webkit/testcases/font- hover.html" to just "font-hover.html" (assuming you have such file in the same directory). As for your original testcase, looks like it is the first frames[0].location that really fails - both <iframe src="test.html"> and the timer work fine. This is probably a bug. Please the the attached test case "A similar case that works" for an example of what works for me. I do not think that the location of the document should affect security restrictions anyhow. Otherwise, someone could file a bug with an archived malicious testcase in WebKit bugzilla... 16492 9 david 2005-08-12 09:13:54 -0700 FYI, I retract my comment about XMLHttpRequest not respecting file://. It seems like Safari just sets the status to null when it's a local file. I'm not sure that's an appropriate status, but it's easy enough to check for. 16493 10 david 2005-08-12 09:19:19 -0700 (In reply to comment #7) > Created an attachment (id=3354) [edit] > A similar case that works Does not work for me in Safari 2.0 (412.2). Maybe you're using a build from CVS? 16494 11 ap 2005-08-12 10:19:33 -0700 > Does not work for me in Safari 2.0 (412.2). Maybe you're using a build from CVS? Works for me in 312, 412.2 and ToT (open try.html; "test.html" is displayed, to be replaced with "foo.html" a few seconds later)... Some timing/caching issue? My Mac is a G4/1.25DP. Regardless, something strange is certainly happening to local files. Perhaps, this issue should be renamed in a more general manner, and wait for someone to seriously look into it? 16643 12 ap 2005-08-14 05:13:08 -0700 BTW, the primary reason for the reduced testcase to fail is that it lacks a slash in the URL: "file://Users..." 16656 13 mjs 2005-08-14 17:36:23 -0700 As far as I can tell, the sole problem with the test case given is that it's missing a slash - it should be file:///Users/... or file://localhost/Users... (or for convenience file:/Users/...), not file://Users/... The two slashes make WebKit interpret Users as a hostname, so the path is not found. Please reopen if a syntactically correct test case shows a problem, or if there is evidence that two slashes before a path is accepted by other browsers. 16928 14 david 2005-08-18 08:34:56 -0700 Well, if you look at my original test case (http://bugzilla.opendarwin.org/attachment.cgi?id=2446), you'll see that it's not explicitly using file:// or a URL ending in a slash. It's just using a file name, such as "foo.html". It's a relative path. And for me, it does not load the local file in the iframe. I'm using Safari 2.0 (412.2.2). If this is fixed in CVS, then cool. I look forward to the next release! 23909 15 mjs 2005-11-10 19:16:40 -0800 I can't reproduce a problem with the original test case, either in the cvs version or the version shipped in Denver. A "test.html" in the same directory loads fine as a relative reference to a local file. The absolute URLs work fine too, when I change them to paths that exist. The "improved and reduced" test case uses "file://Users" and so is buggy. I don't see a bug here that I can reproduce. 23920 16 david 2005-11-11 09:02:36 -0800 It does seem to be fixed in 2.0.2 (416.12). Thanks. 2446 2005-06-17 11:51:09 -0700 2005-06-18 01:16:33 -0700 Test Case try.html text/plain 764 david PGh0bWw+CjxoZWFkPgo8L2hlYWQ+Cjxib2R5Pgo8aWZyYW1lIHNyYz0idGVzdC5odG1sIj48L2lm cmFtZT4KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgovLyAgICBub2RlID0gZG9jdW1l bnQuY3JlYXRlRWxlbWVudCgiaWZyYW1lIik7Ci8vICAgIGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hp bGQobm9kZSk7CmZyYW1lc1swXS5sb2NhdGlvbiA9ICdmaWxlOi8vL1VzZXJzL2RhdmlkL0Rlc2t0 b3AvdGVzdC5odG1sJzsKd2luZG93LnNldFRpbWVvdXQoZnVuY3Rpb24gKCkgeyBmcmFtZXNbMF0u bG9jYXRpb24gPSAnZmlsZTovLy9Vc2Vycy9kYXZpZC9EZXNrdG9wL2Zvby5odG1sJzsgfSwgMzAw MCk7CgovL2ZyYW1lc1swXS5sb2NhdGlvbiA9ICdodHRwOi8vd3d3LmFwcGxlLmNvbS8nOwovL3dp bmRvdy5zZXRUaW1lb3V0KGZ1bmN0aW9uICgpIHsgZnJhbWVzWzBdLmxvY2F0aW9uID0gJ2h0dHA6 Ly93d3cuZ29vZ2xlLmNvbS8nOyB9LCAzMDAwKTsKPC9zY3JpcHQ+CjwvYm9keT4KPC9odG1sPgo8 c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+Ci8vIGh0dHA6Ly93d3cucXVpcmtzbW9kZS5v cmcvanMvaWZyYW1lLmh0bWwKLy8gICAgbm9kZS5jb250ZW50V2luZG93LmxvY2F0aW9uLmhyZWYg PSAidGVzdC5odG1sIjsKLy8gICAgdmFyIGlmcmFtZSA9IHdpbmRvdy5mcmFtZXNbMF07Ci8vICAg IGRvY3VtZW50Lm9ubG9hZCA9ICdpZnJhbWUubG9jYXRpb24uaHJlZiA9ICJodHRwOi8vd3d3Lmdv b2dsZS5jb20iOyc7Cjwvc2NyaXB0Pgo= 2455 2005-06-18 01:16:33 -0700 2005-06-18 01:16:33 -0700 Improved and reduced testcase iframe-testcase.html text/html 134 joost PGh0bWw+CjxoZWFkPgo8L2hlYWQ+Cjxib2R5Pgo8aWZyYW1lIHNyYz0iZmlsZTovL1VzZXJzL2pk ZXZhbGsvd2Via2l0L3Rlc3RjYXNlcy9mb250LWhvdmVyLmh0bWwiPjwvaWZyYW1lPgo8L3Njcmlw dD4KPC9ib2R5Pgo8L2h0bWw+Cgo= 3354 2005-08-12 09:07:29 -0700 2005-08-12 09:07:29 -0700 A similar case that works works.zip application/octet-stream 1329 ap UEsDBBQACAAIAISeDDMAAAAAAAAAAAAAAAAIABAAZm9vLmh0bWxVWAwA5sb8QqfF/EL1ARQAs/EI 8fWx40rLz9fLKMnN4bLRhwgAAFBLBwhexgcbFgAAABgAAABQSwMECgAAAAAA0qAMMwAAAAAAAAAA AAAAAAkAEABfX01BQ09TWC9VWAwADMn8QgzJ/EL1ARQAUEsDBBQACAAIAISeDDMAAAAAAAAAAAAA AAATABAAX19NQUNPU1gvLl9mb28uaHRtbFVYDADmxvxCp8X8QvUBFABjYBVjZ2BiwAQgMU4gNgJi BSg/CCQR4hoRAqIZGRje/P+IqREAUEsHCKrCQI8lAAAAUgAAAFBLAwQUAAgACAB9ngwzAAAAAAAA AAAAAAAACQAQAHRlc3QuaHRtbFVYDADmxvxCncX8QvUBFACz8Qjx9bHjLUktLtHLKMnN4bXRh4gA AFBLBwiPr+UIFwAAABkAAABQSwMEFAAIAAgAfZ4MMwAAAAAAAAAAAAAAABQAEABfX01BQ09TWC8u X3Rlc3QuaHRtbFVYDADmxvxCncX8QvUBFABjYBVjZ2BiwAQgMU4gNgJiBSg/CCQR4hoRgkU9HAAA UEsHCMHNZYUfAAAAUgAAAFBLAwQUAAgACADKoAwzAAAAAAAAAAAAAAAACAAQAHRyeS5odG1sVVgM APvI/EL7yPxC9QEUAG2PywqDMBBF937F4EaFYgJd+viK7koXaUwwRTNixlop/fcmRrrq6sLM4c6c uqdxaJO6V6LzwY68Y7f5MHoWowI3yyYl5agMdNrWLC484eRsJgLaJhWQF7GHeIo4TduEsR10V34r B5SCDFpoIPuVZVWyGtvhWjpFFzMqXCjXi5U7mRfwhv8NGvEogM8JzpzzovL/x8vB5FBgUfALUEsH CKphXq6bAAAA6AAAAFBLAwQUAAgACADKoAwzAAAAAAAAAAAAAAAAEwAQAF9fTUFDT1NYLy5fdHJ5 Lmh0bWxVWAwA+8j8QvvI/EL1ARQAY2AVY2dgYsAEIDFOIDYCYgUoPwgkEeIaEYJFPRwAAFBLBwjB zWWFHwAAAFIAAABQSwECFQMUAAgACACEngwzXsYHGxYAAAAYAAAACAAMAAAAAAAAAABAsIEAAAAA Zm9vLmh0bWxVWAgA5sb8QqfF/EJQSwECFQMKAAAAAADSoAwzAAAAAAAAAAAAAAAACQAMAAAAAAAA AABA/UFcAAAAX19NQUNPU1gvVVgIAAzJ/EIMyfxCUEsBAhUDFAAIAAgAhJ4MM6rCQI8lAAAAUgAA ABMADAAAAAAAAAAAQLCBkwAAAF9fTUFDT1NYLy5fZm9vLmh0bWxVWAgA5sb8QqfF/EJQSwECFQMU AAgACAB9ngwzj6/lCBcAAAAZAAAACQAMAAAAAAAAAABApIEJAQAAdGVzdC5odG1sVVgIAObG/EKd xfxCUEsBAhUDFAAIAAgAfZ4MM8HNZYUfAAAAUgAAABQADAAAAAAAAAAAQKSBZwEAAF9fTUFDT1NY Ly5fdGVzdC5odG1sVVgIAObG/EKdxfxCUEsBAhUDFAAIAAgAyqAMM6phXq6bAAAA6AAAAAgADAAA AAAAAAAAQKSB2AEAAHRyeS5odG1sVVgIAPvI/EL7yPxCUEsBAhUDFAAIAAgAyqAMM8HNZYUfAAAA UgAAABMADAAAAAAAAAAAQKSBuQIAAF9fTUFDT1NYLy5fdHJ5Lmh0bWxVWAgA+8j8QvvI/EJQSwUG AAAAAAcABwDyAQAAKQMAAAAA