Opened 5 years ago

Closed 5 years ago

#1977 closed defect (fixed)

SecurityError when encountering anonymous frames with third-party content

Reported by: mapx Assignee: sebastian
Priority: P3 Milestone: Adblock-Plus-1.8.11-for-Chrome-Opera-Safari
Module: Platform Keywords:
Cc: sebastian Blocked By:
Blocking: Platform: Chrome
Ready: yes Confidential: no
Tester: Verified working:
Review URL(s):

http://codereview.adblockplus.org/4553357519749120

Description (last modified by mapx)

Environment

chrome 41.0.2272.43 beta-m (64-bit)
ABP 1.8.10.1339 easylist

How to reproduce

1.go to http://www.covenantfamilychapel.widev.info/
2.go into console, error:
Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://www.covenantfamilychapel.widev.info" from accessing a frame with origin "https://platform.twitter.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.

3.whitelist the site ==> same error
4.disable completely ABP ==> no error in console

reported here:
https://adblockplus.org/forum/viewtopic.php?p=116995#p116995

the user reported: "It blocks the browser from making a request after that. Browser is hanging and saying waiting for available socket."

Change History (4)

comment:1 Changed 5 years ago by mapx

  • Description modified (diff)

comment:2 Changed 5 years ago by sebastian

  • Owner set to sebastian
  • Priority changed from Unknown to P3
  • Ready set
  • Summary changed from SecurityError in chrome to SecurityError when encountering anonymous frames with third-party content

This regression were introduced by #581 for Chrome <=36 and by #1703 it were extended to all Chrome versions. The code used there relies on the src attribute of <iframe> elements to detect whether the frame is anonymous (using an about: or javascript: URL) in order to apply element hiding and collapsing for those frames. However, this doesn't consider frames that navigate to third-party pages, resulting in a SecurityError when trying to access the contentDocument.

comment:3 Changed 5 years ago by sebastian

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:4 Changed 5 years ago by sebastian

  • Milestone set to Adblock-Plus-for-Chrome-Opera-Safari-next
  • Resolution set to fixed
  • Status changed from reviewing to closed
Note: See TracTickets for help on using tickets.