Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Calling history.replaceState in data URI of an iframe causes error in Firefox and Edge #16900

Open
Open
Calling history.replaceState in data URI of an iframe causes error in Firefox and Edge#16900
@dikow

Description

@dikow
dikow
opened on Sep 5, 2019

I'm submitting a ...

  • regression from 1.7.0
  • security issue
  • issue caused by a new browser version
  • other

Current behavior:
When I use AngularJS 1.7.8 + ng-table 3.0.1 in an iframe that was loaded via data URI, I get errors in Firefox (NS_ERROR_FAILURE) and Edge (SecurityError). This is caused by calling history.replaceState in line 6630 of angular.js.

Expected / new behavior:
You should only execute history.replaceState if the script is not loaded within a data URI:

if (!document.URL.startsWith('data:text/html')) {
    history[replace ? 'replaceState' : 'pushState'](state, '', url);
}

Minimal reproduction of the problem with instructions:
You can verify the different browser behavior with this demo:
https://jsfiddle.net/2rtq8ezx/

AngularJS version: 1.7.8
Browser: Firefox 69, Edge 44

Anything else:
This is an example of the error in Firefox:

filename: "https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js"
lineNumber: 6630
name: "NS_ERROR_FAILURE"
result: 2147500037
stack:
Browser/self.url@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:6630:56
$LocationProvider/this.$get<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:15310:16
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
injectionArgs@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5109:58
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5133:18
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
injectionArgs@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5109:58
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5133:18
registerDirective/</<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:8778:43
forEach@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:387:20
registerDirective/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:8776:13
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
enforcedReturnValue@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4976:37
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
createInjector/protoInstanceInjector<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:4930:37
getService@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5084:32
addDirective@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10751:52
collectDirectives@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9980:15
compileNodes@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9751:22
compile@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9636:15
NgTableController</NgTableController.prototype.compileDirectiveTemplates@https://unpkg.com/ng-table@3.0.1/bundles/ng-table.js:1441:22
compile/<@https://unpkg.com/ng-table@3.0.1/bundles/ng-table.js:1123:28
bind/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1388:18
invokeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:11266:9
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10585:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
nodeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:10579:11
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9832:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
compositeLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9835:13
publicLinkFn@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:9697:30
bootstrapApply/<@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1965:27
$eval@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:19393:28
$apply@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:19492:25
bootstrapApply@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1963:15
invoke@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:5141:19
doBootstrap@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1961:14
bootstrap@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1981:12
angularInit@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:1866:5
@https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.8/angular.js:36430:5
i@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:27449
fireWith@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:28213
ready@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:30006
K@https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js:2:30368

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions