Addon breaks Website 'SecurityError: Permission denied to access property "document" on cross-origin object'

Open thomai-d opened this issue 7 years ago • 6 comments

I'm opening this issue because:

  • [X] I'll report a bug
  • [ ] I'll propose a new feature

Description

If the addon is activated, the webmail keeps showing the loading screen which prevents any other actions. The developer console shows an error message (see below) which is not shown if the addon is disabled.

All other addons have been deactivated during the test.

Steps to Reproduce

  1. Navigate to www.posteo.de
  2. Login
  3. Loading screen appears and won't go away.

System configuration

  • Operating system: Reproducible with Windows 7, Windows 10 Home and Pro.

  • Firefox version: Firefox 57.0 (64bit)

  • Vim-Vixen version: 0.6

Console logs

This is the error message shown in the developer console:

SecurityError: Permission denied to access property "document" on cross-origin object jquery.js:2
    contents https://posteo.de/webmail/program/js/jquery.js:2:26531
    map https://posteo.de/webmail/program/js/jquery.js:2:3776
    n.fn[a] https://posteo.de/webmail/program/js/jquery.js:2:26667
    rcube_context_menu/this.init https://posteo.de/webmail/plugins/contextmenu/contextmenu.js:1:7943
    rcm_callbackmenu_init https://posteo.de/webmail/plugins/contextmenu/contextmenu.js:1:4016
    rcm_listmenu_init https://posteo.de/webmail/plugins/contextmenu/contextmenu.js:1:51
    <anonym> https://posteo.de/webmail/plugins/contextmenu/skins/posteo_green/functions.js:1:1297
    triggerEvent https://posteo.de/webmail/program/js/common.js:16:8727
    rcube_webmail/this.init_message_row https://posteo.de/webmail/program/js/app.js:22:2897
    rcube_webmail/this.init/< https://posteo.de/webmail/program/js/app.js:21:3186
    triggerEvent https://posteo.de/webmail/program/js/common.js:16:8727
    init_row https://posteo.de/webmail/program/js/list.js:19:2039
    insert_row https://posteo.de/webmail/program/js/list.js:19:4624
    rcube_webmail/this.add_message_row https://posteo.de/webmail/program/js/app.js:22:5947
    <anonym> https://posteo.de/webmail/program/js/app.js:5:1
    rcube_webmail/this.http_response https://posteo.de/webmail/program/js/app.js:24:21571
    success https://posteo.de/webmail/program/js/app.js:24:20529
    j https://posteo.de/webmail/program/js/jquery.js:2:27131
    fireWith https://posteo.de/webmail/program/js/jquery.js:2:27949
    x https://posteo.de/webmail/program/js/jquery.js:4:22242
    b https://posteo.de/webmail/program/js/jquery.js:4:26298

thomai-d avatar Nov 25 '17 19:11 thomai-d

Same here (Firefox 58.0.1, linux/x86_64). Drag-n-drop is not working, "SecurityError: Permission denied to access property "document" on cross-origin object" in the console. Disabling the addon fixes the issue.

opennota avatar Feb 06 '18 02:02 opennota

Same here (Firefox 59.0.2, Ubuntu 16.04 Xenial). Blacklisting the site doesn't help.

Any progress on this issue?

an-ca avatar Apr 22 '18 19:04 an-ca

Fixed for Tridactyl: https://github.com/cmcaine/tridactyl/issues/279

infrascripting avatar Apr 30 '18 15:04 infrascripting

Same here (Firefox 64.0.2 (64-Bit), Fedora 29)

BirgerNi avatar Jan 26 '19 09:01 BirgerNi

This is still an issue, though to be fair, I think it's generally the web site's fault. Typically, I've seen this error when a site iterates through all IFRAMEs on the page, and performs some action on each one regardless of its origin. In the case of the Vim-Vixen frame, doing almost anything will cause a cross-origin security exception, because its SRC is a moz-extension URL.

Which means the only feasible answer is probably to blacklist the sites that break. Except... blacklisting doesn't seem to stop Vim-Vixen injecting its IFRAME, and so nothing short of disabling the addon completely resolves the problem. I'll raise a separate issue for that.

richardb64 avatar Sep 16 '19 18:09 richardb64
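
The failure mode described in the comment above, as an added example that is not code from this thread, from Vim-Vixen, or from the affected sites. It uses constructed mock frame objects so it runs under Node; `mockFrame`, `makeFrames`, the `mail.example` URLs and the `moz-extension://` URL are all hypothetical. It contrasts a loop that touches every frame's document with one that skips frames it is not allowed to read.

```javascript
// Constructed stand-ins for <iframe> elements. A cross-origin frame exposes
// contentDocument === null, and reading contentWindow.document throws.
function mockFrame(src, sameOrigin) {
  const doc = sameOrigin ? { initialised: false } : null;
  const win = {};
  Object.defineProperty(win, 'document', {
    get() {
      if (sameOrigin) return doc;
      const err = new Error('Permission denied to access property "document" on cross-origin object');
      err.name = 'SecurityError';
      throw err;
    },
  });
  return { src, contentDocument: doc, contentWindow: win };
}

// Pattern described in the thread: act on every frame regardless of origin.
// The first foreign frame throws, so later frames are never initialised.
function initAllFramesNaive(frames) {
  for (const f of frames) {
    const doc = f.contentDocument || f.contentWindow.document;
    doc.initialised = true;
  }
}

// Defensive variant: an unreadable document means "not ours", so skip it.
function accessibleDocument(frame) {
  try {
    return frame.contentDocument || frame.contentWindow.document;
  } catch (e) {
    if (e.name === 'SecurityError') return null;
    throw e; // unrelated failures should still surface
  }
}

function initAllFramesSafe(frames) {
  const skipped = [];
  for (const f of frames) {
    const doc = accessibleDocument(f);
    if (doc) doc.initialised = true;
    else skipped.push(f.src); // report what was left alone
  }
  return skipped;
}

// Constructed sample page: two first-party frames around an extension frame.
const makeFrames = () => [
  mockFrame('https://mail.example/compose', true),
  mockFrame('moz-extension://constructed-id/frame.html', false),
  mockFrame('https://mail.example/preview', true),
];
```

With the naive loop, the frame after the extension's is never initialised, which matches the symptom of a page stuck on its loading screen.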

Blacklisting seems to work now for ServiceNow, but the page still breaks without it.

Northcode avatar Apr 27 '21 10:04 Northcode