RESOLVED DUPLICATE of bug 161368 43504
location.href does not throw SECURITY_ERR when accessed across origins 
https://bugs.webkit.org/show_bug.cgi?id=43504
Summary location.href does not throw SECURITY_ERR when accessed across origins
Mihai Parparita
Reported 2010-08-04 12:51:38 PDT
The HTML5 spec is pretty clear about this: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location For a test case, see the frames[0].location.href line of: http://persistent.info/webkit/test-cases/iframe-location-href.html?http://example.com It just shows that the return value is undefined, with no exception being thrown. Gecko and IE do throw the exception.
Attachments
Add attachment proposed patch, testcase, etc.
Mihai Parparita
Comment 1 2010-08-04 12:53:04 PDT
Alexey, adding you to the cc list since you mentioned this in comment 5 of bug 17627. I couldn't find another bug filed for this issue, but perhaps you're aware of one.
Mihai Parparita
Comment 2 2010-08-11 18:35:42 PDT
Since fixing the V8 bindings is significantly more complex than the JSC ones (see http://groups.google.com/group/v8-users/browse_thread/thread/e73680b6ca97a46d), I've split this bug into two (bug 43891 and bug 43892), since it'll be two pretty different patches.
David Levin
Comment 3 2012-03-22 16:25:23 PDT
*** Bug 81973 has been marked as a duplicate of this bug. ***
Mike West
Comment 4 2012-09-28 00:35:11 PDT
Mihai, I'm going to pick this up if you don't mind.
Mike West
Comment 5 2013-02-04 05:12:23 PST
Poking the webkit-dev bear again: https://lists.webkit.org/pipermail/webkit-dev/2013-February/023636.html
Anne van Kesteren
Comment 6 2017-03-30 00:04:49 PDT
Chris, I think you fixed this and some of the other bugs here too right? I can't reproduce comment 0 anymore in Safari TP anyway.
Chris Dumez
Comment 7 2017-03-30 08:52:39 PDT
*** This bug has been marked as a duplicate of bug 161368 ***
Chris Dumez
Comment 8 2017-03-30 08:52:58 PDT
(In reply to Anne van Kesteren from comment #6) > Chris, I think you fixed this and some of the other bugs here too right? I > can't reproduce comment 0 anymore in Safari TP anyway. Yes, thanks.
Note You need to log in before you can comment on or make changes to this bug.