Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

Calling history.replaceState in data URI of an iframe causes error in Firefox and Edge #16900

Open
1 of 4 tasks
dikow opened this issue Sep 5, 2019 · 2 comments
Open
1 of 4 tasks

Comments

@dikow
Copy link

dikow commented Sep 5, 2019

I'm submitting a ...

  • regression from 1.7.0
  • security issue
  • issue caused by a new browser version
  • other

Current behavior:
When I use AngularJS 1.7.8 + ng-table 3.0.1 in an iframe that was loaded via data URI, I get errors in Firefox (NS_ERROR_FAILURE) and Edge (SecurityError). This is caused by calling history.replaceState in line 6630 of angular.js.

Expected / new behavior:
You should only execute history.replaceState if the script is not loaded within a data URI:

if (!document.URL.startsWith('data:text/html')) {
    history[replace ? 'replaceState' : 'pushState'](state, '', url);
}

Minimal reproduction of the problem with instructions:
You can verify the different browser behavior with this demo:
https://jsfiddle.net/2rtq8ezx/

AngularJS version: 1.7.8
Browser: Firefox 69, Edge 44

Anything else:
This is an example of the error in Firefox:

filename: "https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js"
lineNumber: 6630
name: "NS_ERROR_FAILURE"
result: 2147500037
stack:
Browser/self.url@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:6630:56
$LocationProvider/this.$get<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:15310:16
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
injectionArgs@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5109:58
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5133:18
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
injectionArgs@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5109:58
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5133:18
registerDirective/</<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:8778:43
forEach@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:387:20
registerDirective/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:8776:13
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
enforcedReturnValue@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4976:37
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
addDirective@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10751:52
collectDirectives@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9980:15
compileNodes@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9751:22
compile@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9636:15
NgTableController</NgTableController.prototype.compileDirectiveTemplates@https://unpkg.com/[email protected]/bundles/ng-table.js:1441:22
compile/<@https://unpkg.com/[email protected]/bundles/ng-table.js:1123:28
bind/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1388:18
invokeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:11266:9
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10585:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
publicLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9697:30
bootstrapApply/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1965:27
$eval@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:19393:28
$apply@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:19492:25
bootstrapApply@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1963:15
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
doBootstrap@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1961:14
bootstrap@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1981:12
angularInit@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1866:5
@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:36430:5
i@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:27449
fireWith@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:28213
ready@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:30006
K@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:30368
@Sayan-dev
Copy link

If this issue is still required to be solved I can work on it

@gkalpak
Copy link
Member

gkalpak commented Oct 14, 2019

Thx for stepping up, @Sayan-dev 👍
AngularJS (1.x) is in LTS mode, so I am afraid we are no longer accepting changes that are not critical bug fixes into this project. (See https://blog.angular.io/stable-angularjs-and-long-term-support-7e077635ee9c for more details.)

If you are looking to contribute to an OSS project, you are more than welcome to come over to the Angular (2+) repo and look for issues with the "hotlist: community help" label: https://github.com/angular/angular/labels/hotlist%3A%20community-help

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants