Skip to main content

Bug Tracker

Side navigation

#8018 closed bug (fixed)

Opened January 20, 2011 03:12AM UTC

Closed April 12, 2011 04:31AM UTC

Last modified March 09, 2012 09:07AM UTC

Unsafe access to frameElement causes error in crossdomain (i)frames

Reported by: SlexAxton Owned by: SlexAxton
Priority: blocker Milestone: 1.6
Component: event Version: 1.4.4
Keywords: frameElement, cross-domain Cc:
Blocked by: Blocking:
Description

We have 2 references to the frameElement property on an element in the jQuery source. The first is wrapped in a try/catch because if the frame is on a different domain, an access restricted exception occurs.

In bindReady:

try {
  toplevel = window.frameElement == null;
} catch(e) {}

In jQuery.event (the unsafe one):

// For whatever reason, IE has trouble passing the window object
// around, causing it to be cloned in the process
if ( jQuery.isWindow( elem ) && ( elem !== window && !elem.frameElement ) ) {
  elem = window;
 }

I'll attach a patch that avoids the frameWindow access altogether in this case, or we could consider just wrapping a try/catch. I think this solution is better though.

It so happens that while this fails"

  elem === window

This does not (so we can avoid the access):

  elem == window

More details from Shawn Smith (who found the fix) here:

https://github.com/shawnsmith/jquery/commit/a5cf1291a1f6903fbe8a39b384080d872a30b460

Attachments (0)
Change History (6)

Changed January 20, 2011 03:24AM UTC by SlexAxton comment:1

owner: → SlexAxton
status: newassigned

As promised, here is the pull request: https://github.com/jquery/jquery/pull/193

Changed January 20, 2011 03:25AM UTC by SlexAxton comment:2

component: unfiledevent
keywords: → frameElement, cross-domain
milestone: 1.next1.5
priority: undecidedlow

Changed February 02, 2011 12:18PM UTC by jitter comment:3

milestone: → 1.5.1

Changed February 14, 2011 05:54PM UTC by SlexAxton comment:4

Another potential fix:

https://github.com/jquery/jquery/pull/232

The first pull request says "Yes, we work on other frames and windows' window objects"

and this pull request says "We only work on the original window object"

Changed February 18, 2011 12:04AM UTC by snover comment:5

milestone: 1.5.11.6
priority: lowblocker

workaround committed in [752db8fffeffa796f5cdb5553331436c0a4cc44e]; retargeting permanent fix as 1.6 blocker

Changed April 12, 2011 04:31AM UTC by john comment:6

resolution: → fixed
status: assignedclosed