Bug 14248 - Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match"
Summary: Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domai...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Frames (show other bugs)
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-20 15:36 PDT by Madhu M
Modified: 2009-12-07 13:00 PST (History)
4 users (show)

See Also:


Attachments
Sample html showing the error of domain mismatch (1.28 KB, text/html)
2007-06-20 17:39 PDT, Madhu M
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Madhu M 2007-06-20 15:36:14 PDT
Webkit shows "Unsafe Javascript attempt to acesss the frame.......... . Domains must match" error while accessing a child frame which has domain name similar to that of the parent domain.

For eg. if the parent domain is 'myloc.app.server.com' and child frame is having domain as "app.server.com" it shows this javascript error and denies the permission to access the child frame. It is allowed in IE and Firefox.

In WebKit also it allows to assign a new domain name to the child frame (through some domain relaxation script) provided it is a valid part of the parent domain name.

So a child frame can have a new domain name like 'app.server.com'. But later it denies the permission to access this frame as the domain is not matching with the parent.
Comment 1 Madhu M 2007-06-20 17:39:04 PDT
Created attachment 15150 [details]
Sample html showing the error of domain mismatch

This html shows the error due to domain mismatch. It is not allowing to access the  child frame once the domain is changed for it. It is allowing to change the domain, since the new domain is a substring of the parent domain.
Comment 2 fiedler.andre 2009-12-07 11:16:12 PST
Same error for me in Safari 4.0.4... no JavaScript. Take a look at:

http://www.eazyshoppinglist.com/

just HTML & CSS
Comment 3 Adam Barth 2009-12-07 12:26:33 PST
This is fixed at TOT.  Please confirm by trying a nightly build from http://nightly.webkit.org/
Comment 4 fiedler.andre 2009-12-07 13:00:14 PST
Yes, works for me! Thx! :o)