Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Access to property denied - NS_ERROR_DOM_PROP_ACCESS_DENIED

245 views

Skip to first unread message

sth...@gmail.com

unread,

Dec 11, 2008, 4:22:44 PM12/11/08

I'm running into a cross domain issue within an iframe.

When my iframe tries to access a property from the parent window - I
get undefined. If I try and iterate through the window.top object
from the iframe using

for(var param in window.top) {
console.log(window.top[param]);
}

it throws "Access to property denied -
NS_ERROR_DOM_PROP_ACCESS_DENIED". I'm assuming that when trying to
get a variable from window.top.XXX and getting undefined is related to
the above error.

I'm able to access the property fine when both iframe and window are
on the same domain.

My prefs.js is setup as the following. What am I missing out of the
policy?

user_pref
("capability.policy.CrossDomainToLocal.CDATASection.nodeValue",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.attributes",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.childNodes",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.firstChild",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.getAttribute",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.Element.getElementsByTagName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.nodeName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.tagName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.HTMLCollection.item",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLCollection.length",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLDocument.documentElement",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLIFrameElement.className",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLIFrameElement.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Location.href",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Location.toString",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.ProcessingInstruction.nodeName",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.ProcessingInstruction.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.data",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.nodeName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.nodeValue",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Window", "allAccess");
user_pref("capability.policy.CrossDomainToLocal.Window.XXX",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLDocument.documentElement",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLDocument.getElementsByTagName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLDocument.nodeName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLDocument.nodeType",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.channel",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLHttpRequest.open",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.responseText",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.responseXML",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLHttpRequest.send",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.setRequestHeader",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.sites", "http://
localhost:8080");

Boris Zbarsky

unread,

Dec 11, 2008, 4:31:27 PM12/11/08

sth...@gmail.com wrote:
> I'm running into a cross domain issue within an iframe.

In which Gecko version?

> user_pref("capability.policy.CrossDomainToLocal.Window", "allAccess");
> user_pref("capability.policy.CrossDomainToLocal.Window.XXX",
> "allAccess");

These are the only Window things in your file. So any other property of
Window will throw, no?

> I'm assuming that when trying to get a variable from window.top.XXX
> and getting undefined is related to the above error.

No, that's more likely related to the fact that the safe object wrapper.

Note also that for any quickstubbed property capability.policy will be
ignored in Gecko 1.9.1 and later. In Gecko 1.9.2 we expect
capability.policy on a per-property basis to disappear altogether.

So you might want a different solution to whatever problem you're
solving (e.g. document.domain, postMessage, etc, etc).

-Boris

0 new messages