From 7ab201e13360dbd118a98ab46cf226bb1d249517 Mon Sep 17 00:00:00 2001 From: hackademix Date: Mon, 8 Apr 2019 15:46:52 +0200 Subject: [PATCH] Catch SecurityException thrown on cross-origin wrappedJSObject access. --- src/content/staticNS.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/content/staticNS.js b/src/content/staticNS.js index 3561162..7959341 100644 --- a/src/content/staticNS.js +++ b/src/content/staticNS.js @@ -69,7 +69,12 @@ // The cookie hack won't work for non-HTTP subframes (issue #48), // or the cookie might have been deleted in a race condition, // so here we try to check the parent - let checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted; + let checkParent = null; + try { + checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted; + } catch (e) { + // may throw a SecurityException for cross-origin wrappedJSObject access + } if (typeof checkParent === "function") { try { let challenge = uuid();