Bug 165412

Summary: top.location.assign is undefined inside non-sandboxed iframe on different origin
Product: WebKit
Component: DOM
Status: RESOLVED WONTFIX
Severity: Normal
Priority: P2
Version: Safari 10
Hardware: iPhone / iPad
OS: iOS 10
Reporter: Mohammed Khatib <mkhatib727>
Assignee: Nobody <webkit-unassigned>
CC: ap, cdumez, dbates

Mohammed Khatib
Reported 2016-12-05 13:57:15 PST
top.location.assign is undefined inside an iframe. For example,

top: https://hello.com
iframe: https://whatsapp.com
script loaded from: https://whatsapp.com
   executes -> window.top.location.assign('https://whatever.com') // <- .assign is undefined and throws a security error
   executes -> window.top.location.replace('https://whatever.com') // <- .replace is NOT undefined and works as expected
   executes -> window.top.location.href = 'https://whatever.com' // <- works as expected

Errors thrown by .assign:
window.top.location.assign is not a function. (In 'window.top.location.assign(url)', 'window.top.location.assign' is undefined)
Blocked a frame with origin 'https://whatsapp' from accessing a frame with origin 'https://hello.com'. Protocols, domains, and ports must match.

The expected behavior is that .assign would still work in non-sandboxed iframes - similar to replace.
Daniel Bates
Comment 1 2016-12-07 17:14:16 PST
(In reply to comment #0)
> top.location.assign is undefined inside an iframe. For example,
>
> top: https://hello.com
> iframe: https://whatsapp.com
> script loaded from: https://whatsapp.com
>    executes -> window.top.location.assign('https://whatever.com') // <- .assign is undefined and throws a security error

This is the correct behavior when accessing/calling location.assign() on a cross-origin Location instance as per <https://html.spec.whatwg.org/multipage/browsers.html#dom-location-assign>.

> [...]
> The expected behavior is that .assign would still work in non-sandboxed
> iframes - similar to replace.

No, this is not correct. See my above remark.
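The behavior discussed in this thread, as an added example that is not part of the original bug report or WebKit's code: on a cross-origin Location, replace() and the href setter are usable while assign() is not. `makeCrossOriginLocation` is a constructed Node stand-in for the browser object; `isReachable`, `navigateTop` and the http/https scheme allowlist are hypothetical names and assumptions.

```javascript
// Constructed stand-in for a cross-origin Location so the example runs in Node.
// It exposes only what the report found usable: replace() and the href setter.
// throws=false: other reads give undefined (as reported); true: SecurityError.
function makeCrossOriginLocation(startUrl, { throws = false } = {}) {
  const state = { url: startUrl, history: [startUrl] };
  const deny = (prop) => {
    if (!throws) return undefined;
    const err = new Error('Blocked cross-origin access to ' + String(prop));
    err.name = 'SecurityError';
    throw err;
  };
  const location = new Proxy({}, {
    get(_target, prop) {
      if (prop !== 'replace') return deny(prop); // assign, reload, href getter...
      return (url) => { state.url = url; state.history[state.history.length - 1] = url; };
    },
    set(_target, prop, value) {
      if (prop !== 'href') { deny(prop); return true; } // ignored or thrown
      state.url = value;
      state.history.push(value);
      return true;
    },
  });
  return { location, state };
}

// Hypothetical probe: is a Location method callable from this frame?
function isReachable(topLocation, method) {
  try {
    return typeof topLocation[method] === 'function';
  } catch (e) {
    if (e.name === 'SecurityError') return false;
    throw e;
  }
}

// Hypothetical helper: navigate the top frame without touching assign().
// Assumption: only http(s) targets are wanted, so javascript: etc. are refused.
function navigateTop(topLocation, url, { keepHistory = true } = {}) {
  const target = new URL(url); // throws on malformed input
  if (!['http:', 'https:'].includes(target.protocol)) {
    throw new TypeError('refusing top navigation to ' + target.protocol + ' URL');
  }
  if (keepHistory) topLocation.href = target.href; // adds a history entry, like assign()
  else topLocation.replace(target.href);           // overwrites the current entry
  return target.href;
}
```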
Mohammed Khatib
Comment 2 2016-12-08 14:38:10 PST
Thanks for following up on this. I filed another bug for replace/href assignment not able to navigate user to itunes links here: https://bugs.webkit.org/show_bug.cgi?id=165627