6281 2005-12-28 22:38:37 -0800 window.frames["frameName"].document does not work in Safari due to security checks 2006-03-20 02:48:14 -0800 1 1 1 Unclassified WebKit DOM 420+ Mac OS X 10.4 RESOLVED WONTFIX P3 Normal --- 1 eric webkit-unassigned oldest_to_newest 27087 0 eric 2005-12-28 22:38:37 -0800 window.frames["frameName"].document does not work in Safari See test case. 27088 1 5347 eric 2005-12-28 22:40:30 -0800 Created attachment 5347 Test case 27089 2 eric 2005-12-28 22:44:01 -0800 Hum, I'm wondering if this is a security issue... as the code looks like we should support this. FireFox allows this test case to work. 27090 3 eric 2005-12-28 22:46:37 -0800 Yes, this seems to be due to security checks. Now the question becomes, why does firefox allow this (at least from in the file:// to http://apple.com case). 27091 4 ggaren 2005-12-28 22:55:28 -0800 I think we need to add a check for whether the requesting frame is the parent of the requested frame, and allow that. Although I *don't* think that child frames get access to the parent frame -- in any browser. 27092 5 ggaren 2005-12-28 22:56:54 -0800 On the other hand, what if a phishing site opens your bank site in a child frame and then scoops your data? Doesn't seem like we should allow that. 36984 6 mjs 2006-03-20 02:48:14 -0800 This is due to security restrictions. Firefox has a slightly different model. Instead of keeping you from getting the document object at all on a frame where you don't have access, they give you the document but keep you from accessing most of its properties. I think we should keep the current model because it is simpler and therefore likely to be more robust. 5347 2005-12-28 22:40:30 -0800 2005-12-28 22:40:30 -0800 Test case WebDebug.html text/html 410 eric PGh0bWw+Cjxib2R5PgoKPHA+CllvdSBzaG91bGQgc2VlIGFuIGlGcmFtZSBvZiBBcHBsZS5jb20g YmVsb3c6CjwvcD4KCjxzY3JpcHQ+CmZ1bmN0aW9uIGRvbmUoKSB7CiAgICB2YXIgc3ViRG9jID0g d2luZG93LmZyYW1lc1sidGVzdEZyYW1lIl0uZG9jdW1lbnQ7CiAgICB2YXIgcmVzdWx0ID0gKHN1 YkRvYyAhPSB1bmRlZmluZWQpID8gIlN1Y2Nlc3MiIDogIkZhaWx1cmUiOwogICAgYWxlcnQocmVz dWx0KTsKfQo8L3NjcmlwdD4KCjxwPgo8YSBocmVmPSJqYXZhc2NyaXB0OmRvbmUoKSI+UHJlc3Mg dG8gVGVzdCBvbmNlIGxvYWRlZDwvYT4KPC9wPgoKPGlmcmFtZSBuYW1lPSJ0ZXN0RnJhbWUiIHdp ZHRoPSIzMDAiIGhlaWdodD0iMzAwIiBzcmM9Imh0dHA6Ly93d3cuYXBwbGUuY29tLyI+Cgo8L2Jv ZHk+CjwvaHRtbD4=