45622 – Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL ... Domains, protocols and ports must match.

RESOLVED WONTFIX Bug 45622

Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL ... Domains, protocols and ports must match.

https://bugs.webkit.org/show_bug.cgi?id=45622

Summary Unsafe JavaScript attempt to access frame with URL about:blank from frame wit...

scott Schmitz

Reported 2010-09-12 15:48:32 PDT

I execute the following URL: http://www.scottschmitz.com/SignOnTest.php which is basically code that will sign into and out of the Google Contacts API. When I run using Safari 5.01, I get an error: Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL h... Domains, protocols and ports must match. The page at https://www.google.com/accounts/AuthSubRevokeTokenJS ran insecure content from http://www.google.com/uds/modules/gdata/gdata-xd.js. I believe that this bug relates to the additional of XSS Auditor code which tries to stop malicious code from executing. IE8 has similar code and I am able to disable errors from IE by adding this header: X-XSS-Protection: 0

Attachments
SCreen shot showing error (29.03 KB, image/png) 2010-09-13 14:24 PDT, scott Schmitz	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2010-09-13 14:11:18 PDT

Actually, the error message for XSS Auditor is different (and we also support X-XSS-Protection anyway).

scott Schmitz

Comment 2 2010-09-13 14:24:51 PDT

Created attachment 67472 [details] SCreen shot showing error

scott Schmitz

Comment 3 2010-09-13 14:25:49 PDT

I have included a screen shot so you can see the error for yourself. This screen shot is from the latest build of WebKit.

manon hendriks

Comment 4 2011-10-03 03:18:50 PDT

hi i see all the time by console, when i play game on face book unsafe javascript..and i can't come in my game

Dmitri S

Comment 5 2013-04-15 02:47:02 PDT

The reported URL is no longer available. Can you still replicate the problem?

scott Schmitz

Comment 6 2013-04-15 07:44:32 PDT

Unfortunately, that API has been discontinued by Google and I am unable to test any more. Scott.

Brent Fulgham

Comment 7 2021-09-21 14:03:12 PDT

This is likely resolved by Bug 230499.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version 525.x (Safari 3.2)

Hardware Mac (Intel)

OS OS X 10.5

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2010-09-12 15:48 PDT

Modified

2021-09-21 14:03 PDT History

CC List

4 users Show

URL

http://www.scottschmitz.com/SignOnTest.php

Keywords

Depends on

Blocks