Enter key fails if CKEditor is used in a cross domain frame

[Jakub Ś]

Ticket based on #9217

1. Open attached file
2. Type few chars and press enter.

Results:
FF - Error: Permission denied to access property 'parentNode'
Chrome - Unsafe JavaScript attempt to access frame with URL ​file:///C:/Users/Desktop/cke.html from frame with URL ​http://nightly.ckeditor.com/latest/ckeditor/_samples /replacebyclass.html. Domains, protocols and ports must match.
Opera - Unhandled Error: Security error: attempted to read protected variable IE - No errors.

Proposed by @alfonsoml: CKEditor the one that should prevent reaching the parent frame. Below is the example code for getParen method:

etParent : function()
		{
			try
			{
				var parent = this.$.parentNode;
				return ( parent && parent.nodeType == 1 ) ? new CKEDITOR.dom.node( parent ) : null;
			}
			catch (e)
			{
				return null;
			}
		},

[Jakub Ś]

#10997 was marked as duplicate.

[Istvan Petres]

Hi Guys,

I just bumped into this bug myself and would like to confirm that I'm using the latest ckEditor (4.2.2) and can duplicate this bug using the following steps:

1. Load a website using http
2. Load an iframe within that website using https
3. Click the insert Image icon on the toolbar
4. Define an url and click OK button on the dialog

RESULT: Error: Permission denied to access property 'parentNode'. BUT the image is still inserted it's just that the dialog isn't closed.

FIX: Putting the code within try/catch blocks (just like the op noted above) will fix this problem and everything works just perfectly.

Can you please implement this fix in the next release as it's a very quick fix and would help us not to do this ourselves every time there is a new ckEditor release. I know it's related to cross domain problem (even if the domain is the same but the protocols are different http vs https) the fix works perfectly and you anyway return null if somethings is wrong so I thin it's pretty safe to return null in these cases too.

Thanks guys!

Regards, Julius

[Ben]

Hi there,

This bug is also affecting us. I'd like to add that an extra blank paragraph is inserted every time the Enter key is pressed. The patch above causes this behaviour to disappear.

Cheers, Ben

[Piotrek Koszuliński]

The proposed solution with try-catch inside getParent() will of course prevent an error hitting the top of the stack, but it's not a real solution. It will not heal the disease but hide its symptoms.

We'll check this issue in 4.4.3.

[Piotrek Koszuliński]

I'm not able to reproduce issue described by j.swiderski. Checked FF, Chrome, IE8.

[Jakub Ś]

I wasn't able to reproduce this problem as well (It wasn't the case 22 months ago :) ).

@alfonsoml are you perhaps able to reproduce this problem on current master?

[Piotrek Koszuliński]

I checked also that scenario with inserting image (comment:3) and it also seems to be ok. I'm closing this ticket, but if anyone is able to provide a scenario in which error is thrown, we can reopen it.

[Alfonso Martínez de Lizarrondo]

Replying to j.swiderski:

I wasn't able to reproduce this problem as well (It wasn't the case 22 months ago :) ).

@alfonsoml are you perhaps able to reproduce this problem on current master?

I don't use this kind of setup, and I'm not planning to test anything on master at the moment.

[Jakub Ś]

Replying to alfonsoml:

Replying to j.swiderski:

I wasn't able to reproduce this problem as well (It wasn't the case 22 months ago :) ).

@alfonsoml are you perhaps able to reproduce this problem on current master?

I don't use this kind of setup, and I'm not planning to test anything on master at the moment.

@alfonsoml no problem. I thought that perhaps you have some other scenario where this issue occurs. It was you after all who had given me vital information to create this ticket: ​http://dev.ckeditor.com/ticket/9217#comment:7.