I'm running into a cross domain issue within an iframe. When my iframe tries to access a property from the parent window - I get undefined. If I try and iterate through the window.top object from the iframe using
for(var param in window.top) { console.log(window.top[param]); } it throws "Access to property denied - NS_ERROR_DOM_PROP_ACCESS_DENIED". I'm assuming that when trying to get a variable from window.top.XXX and getting undefined is related to the above error. I'm able to access the property fine when both iframe and window are on the same domain. My prefs.js is setup as the following. What am I missing out of the policy? user_pref ("capability.policy.CrossDomainToLocal.CDATASection.nodeValue", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Element.attributes", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Element.childNodes", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Element.firstChild", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Element.getAttribute", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.Element.getElementsByTagName", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Element.nodeName", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Element.nodeType", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Element.tagName", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.HTMLCollection.item", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.HTMLCollection.length", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.HTMLDocument.documentElement", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.HTMLIFrameElement.className", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.HTMLIFrameElement.nodeType", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Location.href", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Location.toString", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.ProcessingInstruction.nodeName", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.ProcessingInstruction.nodeType", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Text.data", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Text.nodeName", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Text.nodeType", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Text.nodeValue", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Window", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.Window.XXX", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.XMLDocument.documentElement", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.XMLDocument.getElementsByTagName", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.XMLDocument.nodeName", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.XMLDocument.nodeType", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.XMLHttpRequest.channel", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.XMLHttpRequest.open", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.XMLHttpRequest.responseText", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.XMLHttpRequest.responseXML", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.XMLHttpRequest.send", "allAccess"); user_pref ("capability.policy.CrossDomainToLocal.XMLHttpRequest.setRequestHeader", "allAccess"); user_pref("capability.policy.CrossDomainToLocal.sites", "http:// localhost:8080"); _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security