JSON.parse(window.top.name) can cause all JS to stop executing

Question

JSON.parse(window.top.name) can cause all JS to stop executing

Closed this issue 9 years ago · 8 comments

mkoryak commented 13 years ago

We just had a major issue on the site due to this bug.
in the 'window-name' adapter, there is a call:

data = window.top.name ? JSON.parse(window.top.name) : {}

when the window.top.name is not valid json, this will throw an exception which causes all JS loaded after this to fail.

fix is:

var data;
try {
data = window.top.name ? JSON.parse(window.top.name) : {}
} catch(e){
data = {};
}

qq40660 commented 9 years ago

mark

😕1

Answer 1 · 2011-12-31T03:33:14.000Z

I ran into this will links that call window.open(url) ... the window name in this case was the string '_blank'

The fix worked fine.

Answer 2 · 2012-05-27T22:15:07.000Z

Experienced the same problem. Please fix.

Answer 3 · 2012-12-12T23:53:26.000Z

👍 Just ran into this bad behavior, due to a bug in Firefox 17 where window.top.name does not get cleared between sites. Another site should not be able to crash my Javascript. :)

Answer 4 · 2012-12-13T18:28:10.000Z

Well, here I was going to fix this and send a pull request, but I see it's already been fixed in master.

Answer 5 · 2013-05-26T03:23:40.000Z

Thanks for this

Answer 6 · 2015-11-16T22:28:57.000Z

So, i assume this is never going to be fixed, right?

Answer 7 · 2015-11-16T22:46:45.000Z

This was fixed over 3 years ago without an update to this bug.