javascript - firefox 13.0 cross domain localStorage access: Error: The operation is insecure - Stack Overflow

Today I upgraded my Firefox to 13.0, but something went wrong with my JavaScript code.

There's a webpage A (www.xx.) and a webpage B (webim.xx.). I embed B in A using an iframe tag.

webpage A

First, set the domain to 'xx.':

<script>document.domain = 'xx.';</script>

Then create an iframe to load webpage B:

<script>
var iframe = document.createElement('iframe');
document.body.insertBefore(iframe, document.body.firstChild);
iframe.src = 'http://webim.xx.';
</script>

Webpage B also sets the domain to 'xx.':

<script>document.domain = 'xx.';</script>

Then I access the localStorage of webpage B.

On webpage A, execute code:

window.iframe.contentWindow.localStorage.setItem('a', 'a')

Then an error will be given:

Error: The operation is insecure.

In previous versions or in other browsers, the code executes normally.

Does anybody know why?

Is it a bug?

And how can I solve this problem? Thanks.


Just now I found a way to fix this problem.

I can't access the localStorage directly, but I can call a function of the iframe which calls the localStorage of its own webpage.

/// webpage B
<script>
document.domain = 'xx.';
var ls = { ///< ls is short for localStorage.
    setItem: function(k, v) {
        return localStorage.setItem(k, v);
    },
    getItem: function(k) {
        return localStorage.getItem(k);
    },
    removeItem: function(k) {
        return localStorage.removeItem(k);
    },
    clear: function(){
        return localStorage.clear();
    }
}
</script>

Then I call ls.setItem etc. to access the localStorage of the iframe.

/// webpage A
<script>iframe.contentWindow.ls.setItem('a', 'b');</script>

Even though I can solve this problem, why does Firefox 13.0 cause it?

asked Jun 7, 2012 at 9:41 by Miaonster; edited Jun 8, 2012 at 6:59

1 Answer

The old Firefox behavior was buggy, and the bug got fixed. Per spec, setting document.domain should have absolutely no effect on the behavior of localStorage, so in your case you're trying to set localStorage for a different domain, which is not allowed.

See https://bugzilla.mozilla/show_bug.cgi?id=495337 and the localStorage spec for details.
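
Since localStorage is keyed by origin and document.domain does not change that, a parent page on another origin has to ask the frame to perform the storage operation. The code below is an added example, not part of the original question or answer: a postMessage handler for webpage B that checks event.origin against an allowlist. The origins, the message shape and the function names are assumptions.

```javascript
// Added example: runs inside the iframe (webpage B). Origins are placeholders.
const ALLOWED_ORIGINS = new Set(['https://www.example.test']); // webpage A (assumed)
const ALLOWED_OPS = new Set(['getItem', 'setItem', 'removeItem']); // clear() not exposed

// Builds a message handler around a Storage-like object.
// Returns the reply object, or null when the message is ignored.
function makeStorageBridge(storage, allowedOrigins = ALLOWED_ORIGINS) {
  return function handle(event) {
    // event.origin is set by the browser; nothing inside event.data is trusted.
    if (!allowedOrigins.has(event.origin)) return null;
    const msg = event.data;
    if (!msg || typeof msg !== 'object' || !ALLOWED_OPS.has(msg.op)) return null;
    if (typeof msg.key !== 'string') return null;
    if (msg.op === 'setItem' && typeof msg.value !== 'string') return null;

    let value = null;
    if (msg.op === 'getItem') value = storage.getItem(msg.key);
    else if (msg.op === 'setItem') storage.setItem(msg.key, msg.value);
    else storage.removeItem(msg.key);
    return { id: msg.id, op: msg.op, value };
  };
}

// Browser wiring in webpage B: reply only to the sender's verified origin.
if (typeof window !== 'undefined') {
  const handle = makeStorageBridge(window.localStorage);
  window.addEventListener('message', (event) => {
    const reply = handle(event);
    if (reply) event.source.postMessage(reply, event.origin);
  });
}

// In-memory stand-in for Storage so the handler can be exercised outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

Webpage A would send requests with iframe.contentWindow.postMessage(message, targetOrigin), passing webpage B's exact origin as targetOrigin rather than '*', and check event.origin on the replies in the same way.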
