4

I have an iframe nested in my main page. The iframe contains the following script:

var adfoxPlaceholderId = 'placeholder';
var adfoxWindow = window;
var adfoxDocument = window.document;
var adfoxPlaceholder = adfoxDocument.getElementById(adfoxPlaceholderId);

try {
    while((adfoxPlaceholder == null) && (adfoxWindow != window.top)) {
        adfoxWindow = adfoxWindow.parent;
        adfoxDocument = adfoxWindow.document;
        adfoxPlaceholder = adfoxDocument.getElementById(adfoxPlaceholderId);
    }
} catch(ex) {
    console.log('catch-block');
}

The script breaks on line adfoxDocument = adfoxWindow.document; because of the security policy (the iframe and the main page are from different urls). My question is why isn't this error caught by catch block as if it wasn't put into the try-catch block? Thank you.

Randy the Dev
  • 25,810
  • 6
  • 43
  • 54
user1614172
  • 41
  • 3
  • Please make your question readable by formatting the code. – Mitya Aug 21 '12 at 12:30
  • 2
    You have two lines with `adfoxDocument = adfoxWindow.document`, one of them inside the try/catch block. Are you sure the first is the one it is breaking? – davids Aug 21 '12 at 12:38
  • I'm sure this not happen on IE, Chrome, Safari and FF. What browser/version are you getting this error? – Marcelo De Zen Aug 21 '12 at 12:44
  • try putting the try catch in the while and setting adfoxPlaceholder = null in the catch. I have no idea if this is gonna work because of no working fiddle. But normaly crossdomain warnings are catchable in javascript, i have done this a couple of times not with a while loop but with a setInterval. – Mient-jan Stelling Aug 21 '12 at 13:00
  • The line "adfoxDocument = adfoxWindow.document" is only once here, in try block. The "var adfoxDocument = window.document;" is right. – user1614172 Aug 21 '12 at 13:02

2 Answers2

2

This is happening because it's not a javascript exception. It's a browser security feature. This is happening because your iframe and your website dont have the same URL.

source of Same Origin Policy can be found here.

That being said, there are way to "circumvent" this policy via third party tools or javascript tricks

here are a few options"

easyXDM

ways-to-circumvent-the-same-origin-policy

I hope that helps

Community
  • 1
  • 1
Eric Robinson
  • 2,025
  • 14
  • 22
  • Miss-leading information: `why isn't this error caught by catch block` by OP. – Eric Robinson Aug 21 '12 at 12:54
  • Although your still getting the error message because of the Same Origin Policy. read the source. it might clear things up a little. – Eric Robinson Aug 21 '12 at 12:55
  • Yes, you will get this error and the questioner knows that. But the question is *why this error is not caught by the try/catch block* (actually it is caught). The questions is not about prevent the error. – Marcelo De Zen Aug 21 '12 at 12:58
  • Sorry for misleading, Eric, I said nothing about browsers I had tested. Opera doesn't show "catch-block" string in console, IE works right(catchs the exception), FF, Chrome show both, "catch-block" and thrown error. Thanks for the answer, I'll read. – user1614172 Aug 21 '12 at 13:00
  • 1
    From my experience the error is not caught by try/catch block, and this looks like a flaw in browsers because they do not provide an option to process situation gracefully (without stopping entire script), and the only workaround is to wrap potentially dangerous code in another code condition bypassing try/catch and wasting all its power. Isn't that ridiculous? – Stan Nov 26 '15 at 15:06
0

This does not happen in my tests. Testing on IE, FF, Chrome and Safari. The error is not in the code you've posted in your question.

http://jsfiddle.net/hg2cs/1/

Marcelo De Zen
  • 9,439
  • 3
  • 37
  • 50
  • Anyway you have a thrown error in console. How can I prevent it? – user1614172 Aug 21 '12 at 13:08
  • If by prevent you mean "prevent the error to be displayed in console", you can't. This is not a big deal anyway, the user will not see it, only another curious developers. – Marcelo De Zen Aug 21 '12 at 13:13
  • Yes, I mean this. Unfortunately it's an important question for me because I work with other developers and curious users. So could you please show some links, if you have, to confirm that it's impossible to prevent console from displaying? – user1614172 Aug 21 '12 at 13:26
  • Links? There is no links, your code is the proof. There is no a standard ISO for console behavior in browser. The decision to display or not the error in console is taken by the browser vendor. IE and FF do not display since you are catching the error. Safari e Chrome show it anyway even before your code catch the exception. I suspect this is a Webkit behavior. Erros like these in console is not a problem, unless you're doing something you supposedly should not be doing... – Marcelo De Zen Aug 21 '12 at 13:38