Commits on Mar 20, 2019

1. fix(react-dom): access iframe contentWindow instead of contentDocument …

   MDN has a list of methods for obtaining the window reference of an
   iframe:
   
   https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Syntax
   
   fix(react-dom): check if iframe belongs to the same origin
   
   Accessing the contentDocument of a HTMLIframeElement can cause the browser
   to throw, e.g. if it has a cross-origin src attribute.
   Safari will show an error in the console when the access results in "Blocked a frame with origin". e.g:
   
   ```javascript
   try {
    $0.contentDocument.defaultView
   } catch (err) {
     console.log('err', err)
   }
   
   > Blocked a frame with origin X from accessing a frame with origin Y. Protocols, domains, and ports must match.
   > err – TypeError: null is not an object (evaluating '$0.contentDocument.defaultView')
   ```
   
   A safety way is to access one of the cross origin properties: Window or Location
   Which might result in "SecurityError" DOM Exception and it is compatible to Safari.
   
   ```javascript
   try {
    $0.contentWindow.location.href
   } catch (err) {
    console.log('err', err)
   }
   
   > err – SecurityError: Blocked a frame with origin "http://localhost:3001" from accessing a cross-origin frame. Protocols, domains, and ports must match.
   ```
   
   https://html.spec.whatwg.org/multipage/browsers.html#integration-with-idl

   

   renanvalentin committed Mar 20, 2019
   Configuration menu

   • View commit details
   • Copy full SHA for 07346f6
   • Browse repository at this point

   Copy the full SHA

   07346f6 View commit details

   Browse the repository at this point in the history