Bug 14248

Summary: Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match"
Product: WebKit Reporter: Madhu M <madhu.mukund>
Component: FramesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, fiedler.andre, grahamperrin, sam
Priority: P2    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
Sample html showing the error of domain mismatch none

Madhu M
Reported 2007-06-20 15:36:14 PDT
Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match" error while accessing a child frame which has domain name similar to that of the parent domain. For eg. if the parent domain is 'myloc.app.server.com' and child frame is having domain as "app.server.com" it shows this javascript error and denies the permission to access the child frame. It is allowed in IE and Firefox. In WebKit also it allows to assign a new domain name to the child frame (through some domain relaxation script) provided it is a valid part of the parent domain name. So a child frame can have a new domain name like 'app.server.com'. But later it denies the permission to access this frame as the domain is not matching with the parent.
Attachments
Sample html showing the error of domain mismatch (1.28 KB, text/html)
2007-06-20 17:39 PDT, Madhu M 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Madhu M
Comment 1 2007-06-20 17:39:04 PDT
Created attachment 15150 [details] Sample html showing the error of domain mismatch This html shows the error due to domain mismatch. It is not allowing to access the child frame once the domain is changed for it. It is allowing to change the domain, since the new domain is a substring of the parent domain.
fiedler.andre
Comment 2 2009-12-07 11:16:12 PST
Same error for me in Safari 4.0.4... no JavaScript. Take a look at: http://www.eazyshoppinglist.com/ just HTML & CSS
Adam Barth
Comment 3 2009-12-07 12:26:33 PST
This is fixed at TOT. Please confirm by trying a nightly build from http://nightly.webkit.org/
fiedler.andre
Comment 4 2009-12-07 13:00:14 PST
Yes, works for me! Thx! :o)
Note You need to log in before you can comment on or make changes to this bug.