Hi,
Getting a problem as follows using Chrome 48.0.2564.103 m.
If a page defines an iframe which houses a smartclient based page served from a different domain to the containing pages' domain then the richtext editor fails with a javascript error for example:
Uncaught SecurityError: Blocked a frame with origin "http://aaa.bbb.com" from accessing a frame with origin "http://aaa.bbb.com". The frame being accessed set "document.domain" to "bbb.com", but the frame requesting access did not. Both must set "document.domain" to the same value to allow access.
This happens with the feature explorer. If a page is created which contains:
and that page is served from a different domain to www.smartclient.com then, when run, receive error:
Uncaught SecurityError: Blocked a frame with origin "http://www.smartclient.com" from accessing a frame with origin "http://www.smartclient.com". The frame being accessed set "document.domain" to "smartclient.com", but the frame requesting access did not. Both must set "document.domain" to the same value to allow access.
and the text of the richtext editor is not loaded.
The problem is in system/helpers/empty.html which is used as the src of the richtext editor iframe. The result of the code in empty.html is that the document.domain of the iframe content document ends up as smartclient.com, and therefore does not match containing pages' www.smartclient.com.
The full intention of the code in empty.html is not entirely clear to me however if the code:
is changed to:
then it works OK.
Getting a problem as follows using Chrome 48.0.2564.103 m.
If a page defines an iframe which houses a smartclient based page served from a different domain to the containing pages' domain then the richtext editor fails with a javascript error for example:
Uncaught SecurityError: Blocked a frame with origin "http://aaa.bbb.com" from accessing a frame with origin "http://aaa.bbb.com". The frame being accessed set "document.domain" to "bbb.com", but the frame requesting access did not. Both must set "document.domain" to the same value to allow access.
This happens with the feature explorer. If a page is created which contains:
Code:
<iframe src="http://www.smartclient.com/#RichTextEditor"></iframe>
Uncaught SecurityError: Blocked a frame with origin "http://www.smartclient.com" from accessing a frame with origin "http://www.smartclient.com". The frame being accessed set "document.domain" to "smartclient.com", but the frame requesting access did not. Both must set "document.domain" to the same value to allow access.
and the text of the richtext editor is not loaded.
The problem is in system/helpers/empty.html which is used as the src of the richtext editor iframe. The result of the code in empty.html is that the document.domain of the iframe content document ends up as smartclient.com, and therefore does not match containing pages' www.smartclient.com.
The full intention of the code in empty.html is not entirely clear to me however if the code:
Code:
if (window.opener && window.opener.isc) break; if (window.top.isc) break;
Code:
if (window.parent && window.parent.isc) break; if (window.opener && window.opener.isc) break; if (window.top.isc) break;
Comment