Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Calling history.replaceState in data URI of an iframe causes error in Firefox and Edge #16900

Open
Open
Calling history.replaceState in data URI of an iframe causes error in Firefox and Edge#16900
@dikow

Description

@dikow
dikow
opened on Sep 5, 2019

I'm submitting a ...

  • regression from 1.7.0
    security issue
    issue caused by a new browser version
    other

Current behavior:
When I use AngularJS 1.7.8 + ng-table 3.0.1 in an iframe that was loaded via data URI, I get errors in Firefox (NS_ERROR_FAILURE) and Edge (SecurityError). This is caused by calling history.replaceState in line 6630 of angular.js.

Expected / new behavior:
You should only execute history.replaceState if the script is not loaded within a data URI:

if (!document.URL.startsWith('data:text/html')) {
    history[replace ? 'replaceState' : 'pushState'](state, '', url);
}

Minimal reproduction of the problem with instructions:
You can verify the different browser behavior with this demo:
https://jsfiddle.net/2rtq8ezx/

AngularJS version: 1.7.8
Browser: Firefox 69, Edge 44

Anything else:
This is an example of the error in Firefox:

filename: "https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js"
lineNumber: 6630
name: "NS_ERROR_FAILURE"
result: 2147500037
stack:
Browser/self.url@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:6630:56
$LocationProvider/this.$get<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:15310:16
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
injectionArgs@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5109:58
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5133:18
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
injectionArgs@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5109:58
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5133:18
registerDirective/</<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:8778:43
forEach@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:387:20
registerDirective/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:8776:13
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
enforcedReturnValue@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4976:37
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
addDirective@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10751:52
collectDirectives@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9980:15
compileNodes@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9751:22
compile@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9636:15
NgTableController</NgTableController.prototype.compileDirectiveTemplates@https://unpkg.com/ng-table@3.0.1/bundles/ng-table.js:1441:22
compile/<@https://unpkg.com/ng-table@3.0.1/bundles/ng-table.js:1123:28
bind/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1388:18
invokeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:11266:9
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10585:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
publicLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9697:30
bootstrapApply/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1965:27
$eval@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:19393:28
$apply@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:19492:25
bootstrapApply@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1963:15
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
doBootstrap@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1961:14
bootstrap@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1981:12
angularInit@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1866:5
@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:36430:5
i@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:27449
fireWith@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:28213
ready@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:30006
K@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:30368

Activity

Sayan-dev

Sayan-dev commented on Oct 14, 2019

@Sayan-dev
Sayan-dev
on Oct 14, 2019

If this issue is still required to be solved I can work on it

gkalpak

gkalpak commented on Oct 14, 2019

@gkalpak
gkalpak
on Oct 14, 2019
Member

Thx for stepping up, @Sayan-dev 👍
AngularJS (1.x) is in LTS mode, so I am afraid we are no longer accepting changes that are not critical bug fixes into this project. (See https://blog.angular.io/stable-angularjs-and-long-term-support-7e077635ee9c for more details.)

If you are looking to contribute to an OSS project, you are more than welcome to come over to the Angular (2+) repo and look for issues with the "hotlist: community help" label: https://github.com/angular/angular/labels/hotlist%3A%20community-help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @dikow@gkalpak@Sayan-dev

        Issue actions
          Calling history.replaceState in data URI of an iframe causes error in Firefox and Edge · Issue #16900 · angular/angular.js