I'm running into a cross domain issue within an iframe.
When my iframe tries to access a property from the parent window - I
get undefined. If I try and iterate through the window.top object
from the iframe using
for(var param in window.top) {
console.log(window.top[param]);
}
it throws "Access to property denied -
NS_ERROR_DOM_PROP_ACCESS_DENIED". I'm assuming that when trying to
get a variable from window.top.XXX and getting undefined is related to
the above error.
I'm able to access the property fine when both iframe and window are
on the same domain.
My prefs.js is setup as the following. What am I missing out of the
policy?
user_pref
("capability.policy.CrossDomainToLocal.CDATASection.nodeValue",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.attributes",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.childNodes",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.firstChild",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.getAttribute",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.Element.getElementsByTagName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.nodeName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Element.tagName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.HTMLCollection.item",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLCollection.length",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLDocument.documentElement",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLIFrameElement.className",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.HTMLIFrameElement.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Location.href",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Location.toString",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.ProcessingInstruction.nodeName",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.ProcessingInstruction.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.data",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.nodeName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.nodeType",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Text.nodeValue",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.Window", "allAccess");
user_pref("capability.policy.CrossDomainToLocal.Window.XXX",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLDocument.documentElement",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLDocument.getElementsByTagName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLDocument.nodeName",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLDocument.nodeType",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.channel",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLHttpRequest.open",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.responseText",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.responseXML",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.XMLHttpRequest.send",
"allAccess");
user_pref
("capability.policy.CrossDomainToLocal.XMLHttpRequest.setRequestHeader",
"allAccess");
user_pref("capability.policy.CrossDomainToLocal.sites", "http://
localhost:8080");
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
