问题
I want to access to the content of a script which is inside another HTML element which I can Identify easily. I've tried to find the element by getting the parent and then looking for a child but I've not been able to do it.
So I tried to get it just using the console in firefox and use that element to read the content and I'm not able to do it. It looks like this:
When I tried to do anything with that element I get a link to the following page and error:
Permission denied to access property. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Property_access_denied?utm_source=mozilla&utm_medium=firefox-console-errors&utm_campaign=default
Is not possible to access to that object for automatic testing with selenium?
回答1:
This error message...
Permission denied to access property. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Property_access_denied?utm_source=mozilla&utm_medium=firefox-console-errors&utm_campaign=default
...implies that the script/program was attempting to access an object for which you have no permission. This is likely an <iframe> element loaded from a different domain for which you violated the same-origin policy.
Same-origin policy
The Same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.
origin
Two URLs have the same origin if the protocol, port (if specified), and host are the same for both. You may see this referenced as the "scheme/host/port tuple", or just "tuple". (A "tuple" is a set of items that together comprise a whole — a generic form for double/triple/quadruple/quintuple/etc.)
An Example
The following table gives examples of origin comparisons with the URL http://store.company.com/dir/page.html
:
URL Outcome Reason
http://store.company.com/dir2/other.html Success Only the path differs
http://store.company.com/dir/inner/another.html Success Only the path differs
https://store.company.com/page.html Failure Different protocol
http://store.company.com:81/dir/page.html Failure Different port (http:// is port 80 by default)
http://news.company.com/dir/page.html Failure Different host
You can also find [origin definition for file: URLs] where the comparison is more complicated.
Inherited origins
Scripts executed from pages with an about:blank
or javascript:
URL inherit the origin of the document containing that URL, since these types of URLs do not contain information about an origin server.
For example,
about:blank
is often used as a URL of new, empty popup windows into which the parent script writes content (e.g. via theWindow.open()
mechanism). If this popup also contains JavaScript, that script would inherit the same origin as the script that created it.
data:
: URLs get a new, empty, security context.
Changing origin
A page may change its own origin, with some limitations. A script can set the value of document.domain
to its current domain or a superdomain of its current domain. If set to a superdomain of the current domain, the shorter superdomain is used for same-origin checks.
For example, assume a script from the document at http://store.company.com/dir/other.html
executes the following:
document.domain = "company.com";
Afterward, the page can pass the same-origin check with http://company.com/dir/page.html
(assuming http://company.com/dir/page.html
sets its document.domain to company.com
to indicate that it wishes to allow that). However, company.com
could not set document.domain
to othercompany.com
, since that is not a superdomain of company.com
.
The port number is checked separately by the browser. Any call to document.domain
, including document.domain = document.domain
, causes the port number to be overwritten with null
. Therefore, one cannot make company.com:8080
talk to company.com
by only setting document.domain = "company.com"
in the first. It has to be set in both so their port numbers are both null.
Note: When using
document.domain
to allow a subdomain to access its parent securely, you need to setdocument.domain
to the same value in both the parent domain and the subdomain. This is necessary even if doing so is simply setting the parent domain back to its original value. Failure to do this may result in permission errors.
Solution
You need to induce WebDriverWait while switching frames as follows:
Java sample code:
new WebDriverWait(driver, 10).until(ExpectedConditions.frameToBeAvailableAndSwitchToIt(By.id("iframe_id")));
Python sample code:
WebDriverWait(driver, 10).until(EC.frame_to_be_available_and_switch_to_it((By.ID,"iframe_id")))
Outro
A couple of related discussions:
- Ways to deal with #document under iframe
- Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame while listing the iframes in page
来源:https://stackoverflow.com/questions/55621387/error-permission-denied-to-access-property-x-due-to-same-cross-origin-policy