New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 840268 link

Starred by 2 users
Status: WontFix
Owner:
dcheng@chromium.org
Closed: May 2018
Cc:
sindhu.chelamcherla@chromium.org
creis@chromium.org
nasko@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Exception not thrown when accessing iframe with a different domain

Reported by razalka...@yahoo.com, May 7 2018 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.30 Safari/537.36

Steps to reproduce the problem:
1. navigate to a page that contains iframe with different domain. 
2. open console from devtool
3. run: document.getElementById(<DifferentDomainIframeID>).contentDocument

What is the expected behavior?
Exception will be thrown:
"Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "null" from accessing a cross-origin frame."

What went wrong?
Getting null.

Did this work before? Yes 66

Chrome version: 67.0.3396.30  Channel: beta
OS Version: 10.0
Flash Version:
dima.html
85 bytes View Download

Comment 1 by krajshree@chromium.org, May 7 2018

Labels: Needs-Bisect Needs-Triage-M67

Comment 2 by sindhu.chelamcherla@chromium.org, May 8 2018

Labels: Triaged-ET Needs-Feedback
Unable to reproduce this issue on reported version 67.0.3396.30 on Windows 10 using HTML given in comment#0.

1. Opened dima.html and opened devtools console.
2. Typed document.getElementById(<DifferentDomainIframeID>).contentDocument and observed error Uncaught SyntaxError: Unexpected token <
3. Searched for frame id in Elements tab, Typed document.getElementById("test").contentDocument and observed error VM732:1 Uncaught TypeError: Cannot read property 'contentDocument' of null
    at <anonymous>:1:32
4. Searched for frame id in Elements tab, Typed document.getElementById("intercom-frame").contentDocument and observed output as document.getElementById("intercom-frame").contentDocument
#document. Attaching screencast for reference.

@Reporter: Please check the screencast and let us know if we miss anything. any further information on reproducing the issue would help in further triaging.

Thanks!
840268.mp4
6.8 MB View Download

Comment 3 by razalka...@yahoo.com, May 8 2018 

I did the same in chrome beta 67 but getting null.
Please check the attached screencast.
Settings - Google Chrome 08-May-18 12_12_10.wmv
9.0 MB Download
Project Member

Comment 4 by sheriffbot@chromium.org, May 8 2018

Cc: sindhu.chelamcherla@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by creis@chromium.org, May 8 2018

Cc: creis@chromium.org nasko@chromium.org
Components: Internals>Sandbox>SiteIsolation
Labels: OS-Chrome OS-Linux OS-Mac
Owner: dcheng@chromium.org
This is most likely due to Site Isolation.  dcheng@, did you have thoughts on how to get the exception to happen for out-of-process iframes?

Comment 6 by dcheng@chromium.org, May 8 2018

Status: WontFix (was: Unconfirmed)
This is intentional and matches the behavior of Firefox and Safari. See https://wpt.fyi/html/semantics/embedded-content/the-iframe-element/document-getters-return-null-for-cross-origin.html

See  issue 582245  and https://chromium-review.googlesource.com/1006528 for more context.

Sign in to add a comment