Bug 13951 - "unsafe" error when accessing contentDocument of svg object created with data attribute
Summary: "unsafe" error when accessing contentDocument of svg object created with data...
Status: RESOLVED WONTFIX
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-31 09:34 PDT by Teun
Modified: 2010-01-02 09:56 PST (History)
1 user (show)

See Also:


Attachments
HTML file that creates an SVG object and attempts to access its contentDocument (1.05 KB, text/html)
2007-05-31 09:45 PDT, Teun
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Teun 2007-05-31 09:34:57 PDT
On an <object> with data="data:image/svg+xml,<?xml..." i am not allowd to access the objectElement.contentDocument.
The followin error is given:

Unsafe JavaScript attempt to access frame with URL data:image/svg+xml,%3C?xml%20version=%221
...
94%3C/text%3E%3C/g%3E%3C/svg%3E from frame with URL http://local.domain.tld/html/. Domains must match.

Since the object was created from the current document, one would expect to be able to access it.
Comment 1 Teun 2007-05-31 09:45:31 PDT
Created attachment 14804 [details]
HTML file that creates an SVG object and attempts to access its contentDocument
Comment 2 David Kilzer (:ddkilzer) 2007-06-01 08:11:10 PDT
Confirmed with a local debug build of WebKit r21911 with Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135).

JavaScript Console:

Unsafe JavaScript attempt to access frame with URL data:image/svg+xml,%3C?xml%20version=%221.0%22%20encoding=%22UTF-8%22?%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20version=%221.1%22%20baseProfile=%22full%22%20width=%22100%%22%20height=%22100%%22%20viewBox=%220%200%20350%20235%22%3E%3Crect%20x=%220%22%20y=%2233%22%20width=%22350%22%20height=%22133%22%20fill=%22red%22/%3E%3C/svg%3E from frame with URL http://bugs.webkit.org/attachment.cgi?id=14804. Domains must match.
Comment 3 Adam Barth 2010-01-02 09:56:44 PST
This is a consequence of WebKit treating data URLs as having a unique origin.  There's been some debate about whether we should change that behavior globally.  If/when we do that, this bug will be fixed as a consequence.