Bug 49533

Summary: cross-site scripts are not being executed
Product: WebKit Reporter: ubl
Component: FramesAssignee: Nobody <webkit-unassigned>
Status: CLOSED INVALID    
Severity: Blocker CC: ap
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
URL: https://www.sygeforsikring.dk

Description ubl 2010-11-15 04:24:26 PST 
java-script is not being executed in cross-site IFrame.

The script is critical to site functionality due to 3rd party vendor of login mechanism that uses java applet that posts XML-dsig via javascript.

running the applet/javascript in top frame works, but is not an acceptable workaround.

only detected on mac os i.e. the problem does NOT exist on safari windows or any other browser tested (IE, chrome, firefox)

P3P policy is already in place and cross-site cookies are ok.
Comment 1 Alexey Proskuryakov 2010-11-15 11:06:23 PST 
Could you please provide steps to reproduce this problem? Which links or buttons should one click to see it, and what exactly is the difference between observed and expected behavior?
Comment 2 ubl 2010-11-16 03:49:25 PST 
problem was resolved - was related to the applet parameters, not to the security settings of the browser

the parameter: mayscript="mayscript" is ok on windows and in other browsers but with mac+safari+cross domain IFrame it _must_ be: MAYSCRIPT
Comment 3 Alexey Proskuryakov 2010-11-16 09:35:38 PST 
It's great news that you found a solution.

However, if something works in both IE and Firefox, then generally speaking, it's a bug worth investigating.

> the parameter: mayscript="mayscript" is ok on windows and in other browsers but with mac+safari+cross domain IFrame it _must_ be: MAYSCRIPT

I don't see any code in WebKit that would care about this difference, so it's fairly surprising.
Comment 4 ubl 2010-11-16 22:38:51 PST 
maybe it's the mac java that acts differently. would be an easy assumption.

/Ulrich