Catch SecurityException thrown on cross-origin wrappedJSObject access.

2019-04-08 15:46:52 +02:00 · 2019-04-08 15:46:52 +02:00 · 7ab201e133
parent a489c192d6
commit 7ab201e133
1 changed files with 6 additions and 1 deletions
--- a/src/content/staticNS.js
+++ b/src/content/staticNS.js
@ -69,7 +69,12 @@
          // The cookie hack won't work for non-HTTP subframes (issue #48),
          // or the cookie might have been deleted in a race condition,
          // so here we try to check the parent
-          let checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted;
+          let checkParent = null;
+          try {
+            checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted;
+          } catch (e) {
+            // may throw a SecurityException for cross-origin wrappedJSObject access
+          }
          if (typeof checkParent  === "function") {
            try {
              let challenge = uuid();