Bug 23768
| Summary: | Web Inspector: handled iframe access exceptions under try-catches still display error in console | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Joseph Schorr <jschorr> |
| Component: | Web Inspector | Assignee: | Nobody <webkit-unassigned> |
| Status: | UNCONFIRMED | ||
| Severity: | Normal | CC: | erik.arvidsson, graouts, inspector-bugzilla-changes, jonowells, webkit-bug-importer |
| Priority: | P3 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | All | ||
| OS: | All | ||
Joseph Schorr
If page in domain A has a piece of Javascript code attempting to access a member in an iframe in domain B and the access fails (as it should), an error will be displayed in the Javascript debugger even if the call is under a try-catch.
Steps to reproduce:
1) Create a sample page on domain A with an iframe pointing to domain B (my example used a page on a domain A attempting to access an iframe pointing to 'about:blank' which was hosted on a page on domain B).
2) Write a piece of Javascript code in domain A that attempts to access the iframe hosted in the page in domain B (This was found while attempting to access the 'location' property on the window object of the 'about:blank' page)
3) Place the code under a try-catch. An exception will be raised and the code will continue executing as expected, but the security exception will still appear in the Javascript debugger.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/19281580>