Side navigation
#8018 closed bug (fixed)
Opened January 20, 2011 03:12AM UTC
Closed April 12, 2011 04:31AM UTC
Last modified March 09, 2012 09:07AM UTC
Unsafe access to frameElement causes error in crossdomain (i)frames
| Reported by: | SlexAxton | Owned by: | SlexAxton |
|---|---|---|---|
| Priority: | blocker | Milestone: | 1.6 |
| Component: | event | Version: | 1.4.4 |
| Keywords: | frameElement, cross-domain | Cc: | |
| Blocked by: | Blocking: |
Description
We have 2 references to the frameElement property on an element in the jQuery source. The first is wrapped in a try/catch because if the frame is on a different domain, an access restricted exception occurs.
In bindReady:
try {
toplevel = window.frameElement == null;
} catch(e) {}
In jQuery.event (the unsafe one):
// For whatever reason, IE has trouble passing the window object
// around, causing it to be cloned in the process
if ( jQuery.isWindow( elem ) && ( elem !== window && !elem.frameElement ) ) {
elem = window;
}
I'll attach a patch that avoids the frameWindow access altogether in this case, or we could consider just wrapping a try/catch. I think this solution is better though.
It so happens that while this fails"
elem === window
This does not (so we can avoid the access):
elem == window
More details from Shawn Smith (who found the fix) here:
https://github.com/shawnsmith/jquery/commit/a5cf1291a1f6903fbe8a39b384080d872a30b460
Attachments (0)
Change History (6)
Changed January 20, 2011 03:24AM UTC by comment:1
| owner: | → SlexAxton |
|---|---|
| status: | new → assigned |
Changed January 20, 2011 03:25AM UTC by comment:2
| component: | unfiled → event |
|---|---|
| keywords: | → frameElement, cross-domain |
| milestone: | 1.next → 1.5 |
| priority: | undecided → low |
Changed February 02, 2011 12:18PM UTC by comment:3
| milestone: | → 1.5.1 |
|---|
Changed February 14, 2011 05:54PM UTC by comment:4
Another potential fix:
https://github.com/jquery/jquery/pull/232
The first pull request says "Yes, we work on other frames and windows' window objects"
and this pull request says "We only work on the original window object"
Changed February 18, 2011 12:04AM UTC by comment:5
| milestone: | 1.5.1 → 1.6 |
|---|---|
| priority: | low → blocker |
workaround committed in [752db8fffeffa796f5cdb5553331436c0a4cc44e]; retargeting permanent fix as 1.6 blocker
Changed April 12, 2011 04:31AM UTC by comment:6
| resolution: | → fixed |
|---|---|
| status: | assigned → closed |
As promised, here is the pull request: https://github.com/jquery/jquery/pull/193