Opened 10 months ago

Closed 8 weeks ago

Last modified 3 weeks ago

#4494 closed defect (fixed)

Error message on pages with sandboxed iFrame

Reported by: greiner Assignee: kzar
Priority: Unknown Milestone: Adblock-Plus-1.13.3-for-Chrome-Opera
Module: Platform Keywords:
Cc: sebastian, kzar Blocked By:
Blocking: Platform: Unknown / Cross platform
Ready: no Confidential: no
Tester: Ross Verified working: yes
Review URL(s):

https://codereview.adblockplus.org/29451568/

Description

Environment

Ubuntu 16.04
Chrome 53.0.2785.116
Adblock Plus 1.12.2.1662

How to reproduce

  1. Go to http://jsfiddle.net/cburgmer/E8fb2/13/
  2. Observe page's JavaScript console output.

Observed behaviour

The following error message is shown:

Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
  runInPageContext @ include.preload.js:344

Expected behaviour

No error message is shown.

Attachments (1)

issue1.PNG (91.7 KB) - added by mapx 10 months ago.

Download all attachments as: .zip

Change History (15)

comment:1 Changed 10 months ago by sebastian

  • Cc kzar added

I briefly tried to reproduce it in Chrome 47 and Chrome 54 beta, and I did not see this warning in the JavaScript console. Except for a warning indicating a blocked XHR, which is expected, there are no warnings I get with Adblock Plus installed, but not without.

Changed 10 months ago by mapx

comment:2 Changed 10 months ago by mapx

I got the same console error, see the attached image

error at row 344 in preload.js

my chrome: Version 54.0.2840.41 beta-m (64-bit)
last dev build of ABP.

Last edited 10 months ago by mapx (previous) (diff)

comment:3 Changed 10 months ago by sebastian

  • Owner set to sebastian

comment:4 Changed 10 months ago by sebastian

  • Owner sebastian deleted

For some reasons, I still cannot reproduce it on JSFiddle. But I was able to reproduce it, using <iframe sandbox>, on a simple test page, I created.

However, I couldn't find a way to get rid of that error message. Since it's technically not an exception, it cannot be catched. Neither seems it be possible to detect whether we run in a sandboxed frame that doesn't allow scripts to run, in order to not inject the script in the first place. We cannot access the frameElement (unless allow-same-origin is enabled). However, just because the frameElement cannot be accessed, doesn't necessarily mean that we run in a sandboxed frame that disallows scripts.

For reference, we inject scripts that way in order to patch the WebSocket API (#1727) and to protect our shadow root (#4191).

Last edited 10 months ago by sebastian (previous) (diff)

comment:5 Changed 9 months ago by cgarnier

Got the same issue using a js library.
https://github.com/cburgmer/rasterizeHTML.js

It create an hidden iframe for doing some process and the exception appears.
It s boring because even by disable adblock on the page, it throw.

Edit: pointless, it the same issue as the how to reproduce.

Last edited 9 months ago by cgarnier (previous) (diff)

comment:6 Changed 8 weeks ago by kzar

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:7 Changed 8 weeks ago by kzar

  • Owner set to kzar

comment:8 Changed 8 weeks ago by abpbot

A commit referencing this issue has landed:
Issue 4494 - Avoid causing some sandbox related warnings

comment:9 follow-up: Changed 8 weeks ago by kzar

  • Milestone set to Adblock-Plus-for-Chrome-Opera-next
  • Resolution set to fixed
  • Status changed from reviewing to closed

(As close to fixed as we're going to get anyway.)

comment:10 in reply to: ↑ 9 Changed 5 weeks ago by Ross

Replying to kzar:

(As close to fixed as we're going to get anyway.)

In Chrome, the only warning remaining is about some advert json.
In Opera, there are still two warnings about blocked execution, but these are related to rasterizeHTMl.
In Safari, the warnings about runInPageContext, include.preload.js still occur.

Was this fix just for the error about our preload.js script and just in Chrome?

ABP 1.12.4.1753
Chrome 53 / 56 / Windows 7
Opera 45 / Windows 7
Safari 9.0 / OS X 10.11

comment:11 Changed 5 weeks ago by kzar

This change is not related to Safari since we build the Safari extension from a separate (much older) version of the code these days. Could you confirm if the Chrome / Opera warnings you observed are still present when Adblock Plus isn't installed?

comment:12 Changed 4 weeks ago by Ross

The warnings are not present when Adblock Plus is not installed. They then appear after installing ABP and reloading the JSFiddle.

ABP 1.13.2.1785
Chrome 49 / Windows 7
Opera 39 / Windows 7

comment:13 Changed 4 weeks ago by kzar

So unless I'm mistaken the warnings you're seeing in Chrome are due to the fact that Adblock Plus blocked a couple of requests. This issue is only about the sandboxed frame warnings:

include.preload.js:874 Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

To confirm if the fix for this issue worked try installing the version just before 1.13.2.1777, check if the above warning shows up for the JSFiddle page, then try installing the latest version and check the warning doesn't show up any more.

Note: The fix aims only to reduce the occurrences of that warning, we couldn't figure out a foolproof solution and so we expect it to occasionally show up on some webpages. Also to reiterate the fix does not aim to reduce any other warnings, such as net::ERR_BLOCKED_BY_CLIENT ones.

comment:14 Changed 3 weeks ago by Ross

  • Tester changed from Unknown to Ross
  • Verified working set

Fixed.

ABP 1.13.2.1785
Chrome 49 / 59 / Windows 7
Operar 36 / 45 / Windows 7

Note: See TracTickets for help on using tickets.