Opened 10 years ago
Closed 10 years ago
#11649 closed Bug (expired)
node.js: cross domain getPrarent() permission access denied error
| Reported by: | Feng | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | General | Version: | |
| Keywords: | Cc: |
Description (last modified by )
Hi CKEditor team,
So we iframed a page using CKEditor in another page with different domain. Since getParent() in core/dom/noide.js could try to access the parent of this.$ (which could be a "document" level node) that will give access denied permission error.
I would suggest below code:
getParent: function( allowFragmentParent ) {
var parent;
try{
parent = this.$.parentNode;
} catch(err){
//for no permission to access the parentNode
parent = null;
}
return ( parent && ( parent.nodeType == CKEDITOR.NODE_ELEMENT || allowFragmentParent && parent.nodeType == CKEDITOR.NODE_DOCUMENT_FRAGMENT ) ) ? new CKEDITOR.dom.node( parent ) : null;
},
Change History (7)
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
| Description: | modified (diff) |
|---|---|
| Version: | 4.3.2 |
comment:3 Changed 10 years ago by
| Component: | Core : DTD → General |
|---|---|
| Status: | new → pending |
The question is why is this code throwing permission denied error. If the method is used correctly it should not throw anything. Could you describe in what scenario does the problem occur and on which IEs? You can also attach an HTML sample on which it happens.
comment:4 Changed 10 years ago by
- If possible please send us reduced HTML page that shows this problem.
- If I understand correctly you have CKEditor on page http://a.com and you are using it through iframe on page http://b.com. Is that correct?
- When does the issue occur - when you load editor or there is some extra code of yours in a.com that e.g. tries to get some information from b.com? Please describe it in more detail.
- On which browsers does it happen?
comment:5 Changed 10 years ago by
- I will prepare a sample HTML page and attach here later today.
- Your assumption is correct.
- Correct.
- The problem happens for me on IE9 and QA reported with IE8 too.
comment:6 Changed 10 years ago by
- In point three I have actually asked two questions (I should have been more specific) . I have asked if this is happening on load or whether you try to get some information from other domain with JavaScript? Which of these two is correct?
- Assuming that you are trying to get some information from other domain could you tell me:
- Does it happen in other browsers or only in IE?
- What are these domains? I mean are they something like
a.comandb.com(completely two different domains) or more likea.comandsubdomain.a.com(there is parent domain subdomain "relation")?
comment:7 Changed 10 years ago by
| Resolution: | → expired |
|---|---|
| Status: | pending → closed |
Note: See
TracTickets for help on using
tickets.
I messed up the format above. The wikiFormatting doesn't take {code} marcos. :(
This is what I mean:
getParent: function( allowFragmentParent ) { var parent; try{ parent = this.$.parentNode; } catch(err){ parent = null; } return ( parent && ( parent.nodeType == CKEDITOR.NODE_ELEMENT || allowFragmentParent && parent.nodeType == CKEDITOR.NODE_DOCUMENT_FRAGMENT ) ) ? new CKEDITOR.dom.node( parent ) : null; },This might not be the best solution. If we could handle "parentNode" more gracefully then it would be even better.