Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Uncaught SecurityError loading MathJax from sandboxed iframe #821

kswenson opened this issue May 13, 2014 · 2 comments


None yet
2 participants
Copy link

commented May 13, 2014

Attempting to load the MathJax library within a sandboxed iframe (e.g. <iframe sandbox="allow-scripts" ...>) in Chrome results in "Uncaught SecurityError: Failed to read the 'cookie' property from 'Document': The document is sandboxed and lacks the 'allow-same-origin' flag."

The code in question is in the Get() method on line 1056 of MathJax.js:

var match = pattern.exec(document.cookie);

Replacing this with:

var match;
try {match = pattern.exec(document.cookie);} catch (err) {} // ignore errors reading cookies

is sufficient to avoid the error. Note that the writing of the cookie in the Set() method is already similarly protected:

try {document.cookie = cookie+"; path=/"} catch (err) {} // ignore errors saving cookies

@dpvc dpvc added the Accepted label May 19, 2014

@dpvc dpvc added this to the Bugfix Version milestone May 19, 2014

dpvc pushed a commit to dpvc/MathJax that referenced this issue May 22, 2014


This comment has been minimized.

Copy link

commented May 27, 2014

=> Merged.

@dpvc dpvc closed this May 27, 2014

dpvc pushed a commit to mathjax/MathJax-test that referenced this issue May 27, 2014


This comment has been minimized.

Copy link

commented May 27, 2014

=> In test suite

Crashtests/issue821.html (this must be run through a server, not as a file:// URL)

@dpvc dpvc added v2.4 and removed Merged labels Jun 30, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.