PDA

View Full Version : YAHOO.ext.util.CSS's this.getRules Cross-Domain Security FF



chinohillsbanditos
14 Oct 2006, 1:40 AM
This isn't a major bug for the common folk, well, it might not exactly even be a real bug, but here it is...

Inside yutil.js YAHOO.ext.util.CSS's this.getRules function will throw an exception only in Firefox (IE6 is fine) if the yui-ext.js javascript is loaded from another domain and it trys to access a css file that is loaded within a domain that is not within the originating URL. Yeah, the cross-domain security stuff....

Uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://sub.domain/scripts/yuiext/yui-ext.js Line: 19"]

First I had to add a try{} catch(e){} inside the getRules function at the inside beginning of the outer loop. That just hides the security error, then to get the grid working correctly I had to move the grid.css to the main domain instead of the static-only file server on the subdomain.

jack.slocum
14 Oct 2006, 1:56 AM
That is an interesting one. Thank you for posting about it. I have added a try/catch to the loop to avoid the error. Is this similar to what you did? I added it inside the loop so it still caches the rules that it can.



this.getRules = function(refreshCache){
if(rules == null || refreshCache){
rules = {};
var ds = document.styleSheets;
for(var i =0, len = ds.length; i < len; i++){
try{
var ss = ds[i];
var ssRules = ss.cssRules || ss.rules;
for(var j = ssRules.length-1; j >= 0; --j){
rules[ssRules[j].selectorText] = ssRules[j];
}
}catch(e){} // try catch for cross domain access issue
}
}
return rules;
};

chinohillsbanditos
14 Oct 2006, 11:53 AM
Yeah, the new code now looks exactly how I added it. Thanks :)

jack.slocum
14 Oct 2006, 12:03 PM
Thanks for reporting it! Nice timing too, I was just putting the final touches on a release and it was easy to add in.