Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-3897

datebox js error causes cross-origin errors

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 8.5.1
    • Fix Version/s: 8.5.1.1
    • Component/s: Components
    • Security Level: Jimmy
    • Labels:
      None

      Description

      Steps to Reproduce

      run this zkfiddle using 8.5.1
      http://zkfiddle.org/sample/1tsvk50/2-datebox-causing-cross-origin-error-when-used-in-iframe

      Current Result

      page fails to initialize inside an iframe
      when executed in a single page it seemingly works

      Expected Result

      db should also run inside an iframe

      Debug Info

      the error displayed in the console is only the 2nd error occuring

      zk.wpd:37475 Uncaught TypeError: Cannot read property 'prototype' of undefined
          at zk.wpd:formatted:41598
          at zk.wpd:formatted:41629
          at doEnd (zk.wpd:formatted:24099)
          at Function._zkf (zk.wpd:formatted:24141)
          at VM289 zul.db.wpd:3681
          at doEnd (zk.wpd:formatted:24099)
          at Function._zkf (zk.wpd:formatted:24141)
          at VM292 zul.inp.wpd:5135
          at doEnd (zk.wpd:formatted:24099)
          at Function._zkf (zk.wpd:formatted:24141)
      

      zul.db.Datebox is undefined

      Root Cause

      enable pause at exception reveals another exception caused by an unintended cross origin access to the parent frame.

      Uncaught DOMException: Blocked a frame with origin "http://temp.zkfiddle.org:1223" from accessing a cross-origin frame.
          at eval (eval at _getTimeZone (http://temp.zkfiddle.org:1223/t851icb/zkau/web/_zv2018030612/js/zul.db.wpd:1697:26), <anonymous>:1:12)
          at _getTimeZone (http://temp.zkfiddle.org:1223/t851icb/zkau/web/_zv2018030612/js/zul.db.wpd:1697:26)
          at http://temp.zkfiddle.org:1223/t851icb/zkau/web/_zv2018030612/js/zul.db.wpd:1977:58
          at http://temp.zkfiddle.org:1223/t851icb/zkau/web/_zv2018030612/js/zul.db.wpd:2717:3
          at doEnd (http://temp.zkfiddle.org:1223/t851icb/zkau/web/14635aef/js/zk.wpd:23972:4)
          at Function._zkf (http://temp.zkfiddle.org:1223/t851icb/zkau/web/14635aef/js/zk.wpd:24011:4)
          at http://temp.zkfiddle.org:1223/t851icb/zkau/web/_zv2018030612/js/zul.inp.wpd:5135:13
          at doEnd (http://temp.zkfiddle.org:1223/t851icb/zkau/web/14635aef/js/zk.wpd:23972:4)
          at Function._zkf (http://temp.zkfiddle.org:1223/t851icb/zkau/web/14635aef/js/zk.wpd:24011:4)
          at http://temp.zkfiddle.org:1223/t851icb/zkau/web/_zv2018030612/js/zk.fmt.wpd:529:13
      (anonymous) @ VM1966:1
      _getTimeZone @ zul.db.wpd:1697
      (anonymous) @ zul.db.wpd:1977
      (anonymous) @ zul.db.wpd:2717
      doEnd @ zk.wpd:23972
      _zkf @ zk.wpd:24011
      (anonymous) @ zul.inp.wpd:5135
      doEnd @ zk.wpd:23972
      _zkf @ zk.wpd:24011
      (anonymous) @ zk.fmt.wpd:529
      doEnd @ zk.wpd:23972
      _zkf @ zk.wpd:24011
      (anonymous) @ zul.inp.wpd:5135
      

      the root is the initial access to "this" in these 2 statements (at this time "this" refers to the global window object and not the current instance of the widget):
      https://github.com/zkoss/zk/blob/v8.5.1/zul/src/archive/web/js/zul/db/Calendar.js#L322-L323

        Issue Links

          Activity

          Hide
          rudyhuang rudyhuang added a comment -

          Fixed since 2018/03/16

          Show
          rudyhuang rudyhuang added a comment - Fixed since 2018/03/16

            People

            • Assignee:
              rudyhuang rudyhuang
              Reporter:
              cor3000 cor3000
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 4 hours
                4h
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 hours
                4h