-
Notifications
You must be signed in to change notification settings - Fork 5.8k
Don't change the URL of the main execution context on phantom::exit
#12720
Conversation
phantom::exit
We shouldn't change the URL of the main execution context. Because this will change security policy of our main frame which leads to the following message: `Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL file://bla.js. Domains, protocols and ports must match.` We can fix it by isolating main frame of PhantomJS execution context. We can destroy it separately.
9503409
to
de90366
Compare
👍 thank you |
👍 |
LGTM. 👍 |
@ariya ping |
@ariya also, can you publish new release with this? it's a very annoying issue :/ |
@vitallium The URL change is part of the backport of the fix in #12431. I know it might not be needed on Windows, but maybe there was a reason it's needed in Linux? @milianw Do you still recall the reason for that? |
@mickaelandrieu It's unlike there will be 1.9.9 release. 1.9.8 was an exception due to SSLv3/POODLE. Doing a release is costly and we'd rather spend more time finishing PhantomJS 2. Note that you can always build PhantomJS yourself. It doesn't take more than 30 minutes. |
ariya/phantomjs#12720 Note: **npm package** phantomjs 1.9.11 is last to use phantomjs binary 1.9.7.
@vitallium I will land this anyway on 1.9 branch. |
@ariya I don't think this PR breaks |
@vitallium I think it's historical baggage. |
is this merged into master ? |
so this PR was closed, but was this merged to master ? I'm still having the problem with version 1.9.16 |
@alexserver I have the same issue. 1.9.16 is the version of the node wrapper for Phantom (https://github.com/Medium/phantomjs) which currently uses the last release of the 1.9 branch of Phantom. Unfortunately, the latest release (1.9.8) doesn't include this fix and it seems like there aren't any plans to do another release on the 1.9 branch. If you use 1.9.11 of the node wrapper it should fix the issue. |
@tedtate Oh I understand, it is confusing to see this between the node wrapper and the phantomjs binary. thanks man. |
Hello! You have a new message, please read http://find-it-usa.com/boil.php?mx |
We shouldn't change the URL of the main execution context. Because this will change security policy of our main frame which leads to the following message:
Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL file://bla.js. Domains, protocols and ports must match.
We can fix it by isolating main frame of PhantomJS execution context. We can destroy it separately.
This fixes: #12697 #12660