Skip to content

Instantly share code, notes, and snippets.

@tobie
Created October 6, 2012 16:04
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save tobie/3845320 to your computer and use it in GitHub Desktop.
Webkit uncatchable security error when attempting to access property of the window object across origins.

On WebKit (can reproduce in both latest Chrome and Safari), a security error is displayed in the console when attempting to access the property of the window object hosted on a different origin:

Unsafe JavaScript attempt to access frame with URL http://localhost:8000/main.html from frame with URL http://localhost:8001/iframe.html. Domains, protocols and ports must match.

It seems this error isn't thrown as it is not catchable (see try...catch block in the example) and doesn't affect the program flow (statements below it still get executed).

As there aren't ways to find out if two windows share the same origin, it's impossible to avoid this warning.

Unsafe JavaScript attempt to access frame with URL
http://localhost:8000/main.html from frame with URL
http://localhost:8001/iframe.html. Domains, protocols
and ports must match.
<!DOCTYPE HTML>
<html>
<head>
<title>child</title>
</head>
<body>
<script>
try {
window.parent.foo;
} catch(e) {}
</script>
</body>
</html>
<!DOCTYPE HTML>
<html>
<head>
<title>parent</title>
</head>
<body>
<iframe src="http://localhost:8001/iframe.html"></iframe>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment