WebKit Bugzilla
RESOLVED WONTFIX
165412
top.location.assign is undefined inside non-sandboxed iframe on different origin
https://bugs.webkit.org/show_bug.cgi?id=165412
Mohammed Khatib
Reported
2016-12-05 13:57:15 PST
top.location.assign is undefined inside an iframe. For example,

top: https://hello.com
iframe: https://whatsapp.com
script loaded from: https://whatsapp.com

executes -> window.top.location.assign('https://whatever.com') // <- .assign is undefined and throws a security error
executes -> window.top.location.replace('https://whatever.com') // <- .replace is NOT undefined and works as expected
executes -> window.top.location.href = 'https://whatever.com' // <- works as expected

Errors thrown by .assign:
window.top.location.assign is not a function. (In 'window.top.location.assign(url)', 'window.top.location.assign' is undefined)
Blocked a frame with origin 'https://whatsapp' from accessing a frame with origin 'https://hello.com'. Protocols, domains, and ports must match.

The expected behavior is that .assign would still work in non-sandboxed iframes - similar to replace.
Daniel Bates
Comment 1
2016-12-07 17:14:16 PST
(In reply to comment #0)
> top.location.assign is undefined inside an iframe. For example,
>
> top: https://hello.com
> iframe: https://whatsapp.com
> script loaded from: https://whatsapp.com
> executes -> window.top.location.assign('https://whatever.com') // <- .assign is undefined and throws a security error

This is the correct behavior when accessing/calling location.assign() on a cross-origin Location instance as per <https://html.spec.whatwg.org/multipage/browsers.html#dom-location-assign>.

> [...]
> The expected behavior is that .assign would still work in non-sandboxed
> iframes - similar to replace.

No, this is not correct. See my above remark.
Mohammed Khatib
Comment 2
2016-12-08 14:38:10 PST
Thanks for following up on this. I filed another bug for replace/href assignment not able to navigate user to itunes links here: https://bugs.webkit.org/show_bug.cgi?id=165627
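The behaviour discussed in this thread, as an added example that is not part of the bug report or WebKit's code: a Node-runnable model of a cross-origin Location, where the HTML Standard exposes only the `href` setter and `replace()`. The names `makeCrossOriginLocation`, `canCall` and `navigateTop` are hypothetical, the URLs are constructed samples, and the two modes model blocked access that throws a SecurityError (HTML Standard) or yields undefined (as the report observed).

```javascript
// Added example: a Node-runnable model of a cross-origin Location, not WebKit code.
// HTML Standard allowlist: only the `href` setter and `replace()` are exposed.
function makeCrossOriginLocation(mode) {
  // mode 'throw': blocked access throws SecurityError (HTML Standard).
  // mode 'undefined': blocked access yields undefined (behaviour in the report).
  const state = { history: ['https://hello.com/'] }; // constructed sample URL
  const deny = (prop) => {
    if (mode === 'undefined') return undefined;
    const err = new Error(`Blocked cross-origin access to ${String(prop)}`);
    err.name = 'SecurityError';
    throw err;
  };
  const replace = (url) => { state.history[state.history.length - 1] = url; };
  const location = new Proxy({}, {
    get: (_target, prop) => (prop === 'replace' ? replace : deny(prop)),
    set: (_target, prop, value) => {
      if (prop === 'href') state.history.push(value);
      else deny(prop);
      return true;
    },
  });
  return { location, state };
}

// Hypothetical helper: true only if `name` is a callable member, whether the
// engine blocks access by throwing or by returning undefined.
function canCall(location, name) {
  try {
    return typeof location[name] === 'function';
  } catch (e) {
    if (e.name === 'SecurityError') return false;
    throw e;
  }
}

// Hypothetical helper: navigate using only the allowlisted members.
// Setting href adds a history entry (like assign); replace() overwrites it.
function navigateTop(location, url, replaceEntry = false) {
  if (replaceEntry) location.replace(url);
  else location.href = url;
  return replaceEntry ? 'replace' : 'href';
}
```

An embedder that does not want framed content to navigate the top-level page at all can load it in a sandboxed iframe without the `allow-top-navigation` token.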