Problem with embedded iframes
934 views
Skip to first unread message
Don Schmitt
Feb 9, 2011, 1:15:54 PM2/9/11
to chromium-...@chromium.org
I just started encountering a problem with my extension in dev builds where an iframe won't load. The scenario is:
1. I'm loading an extension-specific page, e.g. chrome-extension://jdiamjblfghmdmmldfhobkcipgeadcin/container.html#url=http%3A%2F%2Fwww.google.com%2F
2. In that container.html I'm loading _another_ iframe, e.g.: chrome-extension://jdiamjblfghmdmmldfhobkcipgeadcin/child.html
That child iframe refuses to load when I loaded it programmatically from the parent. I can inspect the child element, the URL is fine, and I can load it in a separate tab just fine. In fact, if I just touch the src attribute with the inspector, it will load. Weird. But when I try to load it programmatically with .src= from the parent frame (even after a significant timeout), the DOM just gets loaded with:
And the DOM that _is_ loaded in the child iframe has an error message:
Error 2 (net::ERR_FAILED): Unknown error.
I'll try to create a repro for the Chromium team, but would love to find a cause / workaround.
Has anyone else run into this? Ideas?
Aaron Boodman
Feb 10, 2011, 12:35:35 AM2/10/11
to Don Schmitt, chromium-...@chromium.org
It is probably related to this bug:
http://code.google.com/p/chromium/issues/detail?id=72407
If you create a little test extension that reproduces the issue I can
verify that my fix also fixes what you're seeing.
- a
> --
> You received this message because you are subscribed to the Google Groups
> "Chromium-extensions" group.
> To post to this group, send email to chromium-...@chromium.org.
> To unsubscribe from this group, send email to
> chromium-extens...@chromium.org.
> For more options, visit this group at
> http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.
>
PhistucK
Feb 10, 2011, 2:48:05 AM2/10/11
to Aaron Boodman, Don Schmitt, chromium-...@chromium.org
I actually thought that was a feature, so I did not report it. Hehe.
Since if you allow any website to access extension resources just like that, these websites can find out whether you have a certain extension, which hurts privacy.
☆PhistucK
Don Schmitt
Feb 10, 2011, 11:44:19 AM2/10/11
to chromium-...@chromium.org
I created a simple repro yesterday and reported it here: http://code.google.com/p/chromium/issues/detail?id=72440
It's pretty clear this is a regression.
>>>> Since if you allow any website to access extension resources just like that... which hurts privacy.
In any case, in my repro (and my extension - IE Tab) this isn't any web site, this is an extension page embedding another extension page from the same extension.
PhistucK
Feb 10, 2011, 12:39:16 PM2/10/11
to Don Schmitt, chromium-...@chromium.org
The privacy issue is less about iFrames and more about scripts and images from extensions that can be freely loaded from web pages (and identified as having been loaded).
The logical thing would have been to make these loading processes permission based from the start, in my opinion.
I think this is a (single?) specific situation where backward compatibility hurts the extension system (but I am still in favor of backward compatibility, of course. And no restarts. :)).
☆PhistucK
donaddon
Feb 10, 2011, 1:58:57 PM2/10/11
to Chromium-extensions
Okay, sorry I got caught up in the tangent because it's completely
unrelated to my bug report.
The bug is with an extension's own page referencing its own resources
(specifically an iframe), which of course should be possible and
always has been possible until this _unintentional_ regression.
BTW: It appears there may be a workaround of inserting the entire
iframe by setting innerHTML on a container instead of setting the src
attribute on the iframe. Now that's whacky.
On Feb 10, 9:39 am, PhistucK <phist...@gmail.com> wrote:
> The privacy issue is less about iFrames and more about scripts and images
> from extensions that can be freely loaded from web pages (and identified as
> having been loaded).
> The logical thing would have been to make these loading processes permission
> based from the start, in my opinion.
> I think this is a (single?) specific situation where backward compatibility
> hurts the extension system (but I am still in favor of backward
> compatibility, of course. And no restarts. :)).
>
> ☆*PhistucK*
> >>> > To post to this group, send email to chromium-extensi...@chromium.org.
unrelated to my bug report.
The bug is with an extension's own page referencing its own resources
(specifically an iframe), which of course should be possible and
always has been possible until this _unintentional_ regression.
BTW: It appears there may be a workaround of inserting the entire
iframe by setting innerHTML on a container instead of setting the src
attribute on the iframe. Now that's whacky.
On Feb 10, 9:39 am, PhistucK <phist...@gmail.com> wrote:
> The privacy issue is less about iFrames and more about scripts and images
> from extensions that can be freely loaded from web pages (and identified as
> having been loaded).
> The logical thing would have been to make these loading processes permission
> based from the start, in my opinion.
> I think this is a (single?) specific situation where backward compatibility
> hurts the extension system (but I am still in favor of backward
> compatibility, of course. And no restarts. :)).
>
>
>
>
>
>
>
>
> On Thu, Feb 10, 2011 at 18:44, Don Schmitt <donco...@gmail.com> wrote:
> > I created a simple repro yesterday and reported it here:
> >http://code.google.com/p/chromium/issues/detail?id=72440
> > It's pretty clear this is a regression.
>
> > >>>> Since if you allow any website to access extension resources just like
> > that... which hurts privacy.
>
> > Hmmm...if they can't read the content of the iframe (which would definitely
> > be a cross-site security problem), then I don't see how they could tell what
> > was rendered in the frame so they shouldn't be able to tell whether you
> > actually have the extension.
>
> > In any case, in my repro (and my extension - IE Tab) this isn't any web
> > site, this is an extension page embedding another extension page from the
> > same extension.
>
>
>
>
>
>
>
> On Thu, Feb 10, 2011 at 18:44, Don Schmitt <donco...@gmail.com> wrote:
> > I created a simple repro yesterday and reported it here:
> >http://code.google.com/p/chromium/issues/detail?id=72440
> > It's pretty clear this is a regression.
>
> > >>>> Since if you allow any website to access extension resources just like
> > that... which hurts privacy.
>
> > Hmmm...if they can't read the content of the iframe (which would definitely
> > be a cross-site security problem), then I don't see how they could tell what
> > was rendered in the frame so they shouldn't be able to tell whether you
> > actually have the extension.
>
> > In any case, in my repro (and my extension - IE Tab) this isn't any web
> > site, this is an extension page embedding another extension page from the
> > same extension.
>
> > On Wed, Feb 9, 2011 at 11:48 PM, PhistucK <phist...@gmail.com> wrote:
>
> >> I actually thought that was a feature, so I did not report it. Hehe.
> >> Since if you allow any website to access extension resources just like
> >> that, these websites can find out whether you have a certain extension,
> >> which hurts privacy.
>
> >> ☆*PhistucK*
>
> >> I actually thought that was a feature, so I did not report it. Hehe.
> >> Since if you allow any website to access extension resources just like
> >> that, these websites can find out whether you have a certain extension,
> >> which hurts privacy.
>
>
> >> On Thu, Feb 10, 2011 at 07:35, Aaron Boodman <a...@google.com> wrote:
>
> >>> It is probably related to this bug:
>
> >>>http://code.google.com/p/chromium/issues/detail?id=72407
>
> >>> If you create a little test extension that reproduces the issue I can
> >>> verify that my fix also fixes what you're seeing.
>
> >>> - a
>
> >> On Thu, Feb 10, 2011 at 07:35, Aaron Boodman <a...@google.com> wrote:
>
> >>> It is probably related to this bug:
>
> >>>http://code.google.com/p/chromium/issues/detail?id=72407
>
> >>> If you create a little test extension that reproduces the issue I can
> >>> verify that my fix also fixes what you're seeing.
>
> >>> - a
>
> >>> > To unsubscribe from this group, send email to
> >>> > chromium-extensions+unsubscr...@chromium.org.
> >>> > For more options, visit this group at
>
> >>>http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en
> >>> .
>
>
> >>>http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en
> >>> .
>
> >>> --
> >>> You received this message because you are subscribed to the Google Groups
> >>> "Chromium-extensions" group.
> >>> To post to this group, send email to chromium-extensi...@chromium.org.
> >>> You received this message because you are subscribed to the Google Groups
> >>> "Chromium-extensions" group.
> >>> To unsubscribe from this group, send email to
> >>> chromium-extensions+unsubscr...@chromium.org.
> >>> For more options, visit this group at
> >>>http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en
> >>> .
>
> >>>http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en
> >>> .
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-extensions" group.
> > To post to this group, send email to chromium-extensi...@chromium.org.
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-extensions" group.
> > To unsubscribe from this group, send email to
> > chromium-extensions+unsubscr...@chromium.org.
Reply all
Reply to author
Forward
0 new messages