Bug 75426

Summary: referencing a Window object returned from window.open() after new window is navigated to a new domain causes the script to halt
Product: [Applications] konqueror Reporter: Oded Arbel <oded>
Component: khtml ecmaAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Mandrake RPMs   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: test case

Description Oded Arbel 2004-02-17 10:50:47 UTC 
Version:            (using KDE KDE 3.2.0)
Installed from:    Mandrake RPMs
Compiler:          gcc 3.3.2 
OS:          Linux

See Bug #73857 comment 5 for the original description of the problem.

When an object returned from window.open() is referenced after the new window was used to call another URL (from another domain), js will block all references to that object with this message  (in the debug log): 
khtml (jscript): WARNING: JavaScript: access denied for current frame '' to frame 'www.someotherdomain.com'
After doing that, it will halt the currect excuting script and the following error can be seen in the javascript error log :
TypeError: no default value define.

I'm not sure what are the security concerns with this (I guess they are major), but I think it shouldn't cause the script to halt. either allow some "safe" operations on the window object to called - such as close() - or just ignore the command (maybe return undefined) and let the rest of the script continue execution.
Comment 1 Oded Arbel 2004-02-17 10:52:38 UTC 
Created attachment 4747 [details]
test case

Test case for the problem:
- click the button
- go to the newly opened window/tab and navigate to a URL in another domain
- go back to the original page and click the button again.

Expected behavior - the new window will be closed and reopened.
Current behavior - the script halts execution with an error.
Comment 2 Oded Arbel 2004-02-17 10:57:51 UTC 
Hmm. apparently the test case does not work anymore even for the simple case of clicking the button once and then again, because the first window is now 'bugs.kde.org' and the new window is '':
khtml (jscript): WARNING: JavaScript: access denied for current frame 'bugs.kde.org' to frame ''

it used to run on my local file system where the domain is always ''.

Anyway - this just goes to prove my point: once you open a window to a URL which is not your domain, you lose all access to the returned window object. other browsers (Mozilla and IE come to mind) allow you to call some methods on the resulting window object.
Comment 3 Harri Porten 2005-05-07 14:34:24 UTC 
The lookup for the properties valueOf and toString fails when trying to "print"
the window object. I fail to understand how as the isSafeScript() functions shouldn't really get into the way in this case.
Comment 4 Harri Porten 2007-02-11 22:59:44 UTC 
Fixed now for KDE 3.3.7. The valueOf() and toString() functions were not accessible across sites but should have been. They just return [object Window] but
that was still vital for your if (popUpWin && ....) test.