Opened 6 years ago

Closed 6 years ago

#1977 closed defect (fixed)

SecurityError when encountering anonymous frames with third-party content

Reported by: mapx Assignee: sebastian
Priority: P3 Milestone: Adblock-Plus-1.8.11-for-Chrome-Opera-Safari
Module: Platform Keywords:
Cc: sebastian Blocked By:
Blocking: Platform: Chrome
Ready: yes Confidential: no
Tester: Verified working:
Review URL(s):

Description (last modified by mapx)


chrome 41.0.2272.43 beta-m (64-bit)
ABP easylist

How to reproduce

1.go to
2.go into console, error:
Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "" from accessing a frame with origin "". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.

3.whitelist the site ==> same error
4.disable completely ABP ==> no error in console

reported here:

the user reported: "It blocks the browser from making a request after that. Browser is hanging and saying waiting for available socket."

Change History (4)

comment:1 Changed 6 years ago by mapx

  • Description modified (diff)

comment:2 Changed 6 years ago by sebastian

  • Owner set to sebastian
  • Priority changed from Unknown to P3
  • Ready set
  • Summary changed from SecurityError in chrome to SecurityError when encountering anonymous frames with third-party content

This regression were introduced by #581 for Chrome <=36 and by #1703 it were extended to all Chrome versions. The code used there relies on the src attribute of <iframe> elements to detect whether the frame is anonymous (using an about: or javascript: URL) in order to apply element hiding and collapsing for those frames. However, this doesn't consider frames that navigate to third-party pages, resulting in a SecurityError when trying to access the contentDocument.

comment:3 Changed 6 years ago by sebastian

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:4 Changed 6 years ago by sebastian

  • Milestone set to Adblock-Plus-for-Chrome-Opera-Safari-next
  • Resolution set to fixed
  • Status changed from reviewing to closed
Note: See TracTickets for help on using tickets.