Opened on 02/08/2015 at 06:31:45 PM
Closed on 02/10/2015 at 09:24:02 AM
#1977 closed defect (fixed)
SecurityError when encountering anonymous frames with third-party content
| Reported by: | mapx | Assignee: | sebastian |
|---|---|---|---|
| Priority: | P3 | Milestone: | Adblock-Plus-1.8.11-for-Chrome-Opera-Safari |
| Module: | Platform | Keywords: | |
| Cc: | sebastian | Blocked By: | |
| Blocking: | Platform: | Chrome | |
| Ready: | yes | Confidential: | no |
| Tester: | Verified working: | ||
| Review URL(s): | |||
Description (last modified by mapx)
Environment
chrome 41.0.2272.43 beta-m (64-bit)
ABP 1.8.10.1339 easylist
How to reproduce
1.go to http://www.covenantfamilychapel.widev.info/
2.go into console, error:
Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://www.covenantfamilychapel.widev.info" from accessing a frame with origin "https://platform.twitter.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.
3.whitelist the site ==> same error
4.disable completely ABP ==> no error in console
reported here:
https://adblockplus.org/forum/viewtopic.php?p=116995#p116995
the user reported: "It blocks the browser from making a request after that. Browser is hanging and saying waiting for available socket."
Attachments (0)
Change History (4)
comment:2 Changed on 02/09/2015 at 02:53:44 PM by sebastian
- Owner set to sebastian
- Priority changed from Unknown to P3
- Ready set
- Summary changed from SecurityError in chrome to SecurityError when encountering anonymous frames with third-party content
comment:3 Changed on 02/09/2015 at 02:56:15 PM by sebastian
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:4 Changed on 02/10/2015 at 09:24:02 AM by sebastian
- Milestone set to Adblock-Plus-for-Chrome-Opera-Safari-next
- Resolution set to fixed
- Status changed from reviewing to closed
This regression were introduced by #581 for Chrome <=36 and by #1703 it were extended to all Chrome versions. The code used there relies on the src attribute of <iframe> elements to detect whether the frame is anonymous (using an about: or javascript: URL) in order to apply element hiding and collapsing for those frames. However, this doesn't consider frames that navigate to third-party pages, resulting in a SecurityError when trying to access the contentDocument.