16 May 2011

Unsafe JavaScript attempt to access frame with URL in Chrome

Hello everybody,

This time I have found an interesting issue with Google Chrome browser.
The problem appears when you try to access the code from within the iframe which source has an url from the same domain.
For example you have two simple html files on your computer (ie page1.html and page2.html), where one of them contains an iframe:

<iframe src='page2.html' id='myFrame' />

If you try to change  or get something in/from page2.html through javascript you will have an error in Google Chrome. I will give an example with getting the title through javascript from inside page1.html like this:

$('myFrame').load(function() {
            var title = $(this).contents().find("title").html();

Note: I am using jQuery.

The above will give you an error in Google Chrome when you will open the file directly from windows explorer. The error will look like this:

Unsafe JavaScript attempt to access frame with URL file:///C:/Users/extremedevShowModalDialogSample/extremedevStart.html from frame with URL file:///C:/Users/extremedevShowModalDialogSample/extremedevTestPopup.html. Domains, protocols and ports must match.

For some reason Google Chrome considers page2.html a different domain and does not allow to access the content of the frame.

However this error will not appear if you will open those pages through Visual Studio, by doing the following steps:

  1. Open Visual Studio;
  2. Go to File -> Open -> Web Site;
  3. Select the folder where your html files are located;
  4. Press Open;
  5. Select the starting file;
  6. Right Click on it and press: View in Browser;
  7. Now your pages will work correctly without any errors.

I hope this article helped you and ... thanks for visiting my blog.
Please share this article with others!


Anonymous said...

Chrome treats every file:// URL as its own domain, so each is isolated from all the others. It does this as a security mechanism to prevent one rogue file from being able to access your whole system. Or something.

Roman Gherman said...

Yes, that's correct.

Thanks for visiting my blog,

Anonymous said...

man, your site is called extremedev and you use windows T.T

Anonymous said...

yes, it's extreeeme :)

Roman Gherman said...

Anonymous 12 December, 2011 23:39,

I am not sure I understand you.


Anonymous said...

They were trying to imply that the most important criterion for determining the skill of a developer is the operating system that one uses.

Anonymous said...

lol. extremedev and you don't even know how webkit works? you're funny :)

Thanigai arasu said...

I got the below exception in Safari:
Unsafe JavaScript attempt to access frame with URL https://newclassroom2.qaols.phoenix.edu/Tutor/TutoredFormativeAssessment.jsp?firstname=JOHN&lastname=ELLIOTT from frame with URL https://newclassroom2.qaols.phoenix.edu/Tutor/tutoredformativeassessment/AD3916F5E8AC7BE7E0E6C4E6616F1FB3.cache.html. Domains, protocols and ports must match.

here i am using the same port and domain .can anyone give solution for this.

Roman Gherman said...

Anonymous, one singple person can not know everything.

Thanigai arasu, sorry, I don't know why this is happening.

Developer Wun said...

@Roman: You're wrong. I happen to know EVERYTHING...

Post a Comment

your thoughts are welcome:

Need more? Leave comments and subscribe to my blog.