Bug 14248

Summary:

Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match"

Product:

WebKit

Reporter:

Madhu M <madhu.mukund>

Component:

Frames

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, fiedler.andre, grahamperrin, sam

Priority:

Version:

523.x (Safari 3)

Hardware:

Mac

OS:

OS X 10.4

Attachments:

Description	Flags
Sample html showing the error of domain mismatch	none

Description Madhu M 2007-06-20 15:36:14 PDT

Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match" error while accessing a child frame which has domain name similar to that of the parent domain.

For eg. if the parent domain is 'myloc.app.server.com' and child frame is having domain as "app.server.com" it shows this javascript error and denies the permission to access the child frame. It is allowed in IE and Firefox.

In WebKit also it allows to assign a new domain name to the child frame (through some domain relaxation script) provided it is a valid part of the parent domain name.

So a child frame can have a new domain name like 'app.server.com'. But later it denies the permission to access this frame as the domain is not matching with the parent.

Comment 1 Madhu M 2007-06-20 17:39:04 PDT

Created attachment 15150 [details]
Sample html showing the error of domain mismatch

This html shows the error due to domain mismatch. It is not allowing to access the  child frame once the domain is changed for it. It is allowing to change the domain, since the new domain is a substring of the parent domain.

Comment 2 fiedler.andre 2009-12-07 11:16:12 PST

Same error for me in Safari 4.0.4... no JavaScript. Take a look at:

http://www.eazyshoppinglist.com/

just HTML & CSS

Comment 3 Adam Barth 2009-12-07 12:26:33 PST

This is fixed at TOT.  Please confirm by trying a nightly build from http://nightly.webkit.org/

Comment 4 fiedler.andre 2009-12-07 13:00:14 PST

Yes, works for me! Thx! :o)