Change the contentDocument attribute and the getSVGDocument() method of HTMLEmbedElement, HTMLIframeElement, and HTMLObjectElement to return null on cross-origin access, rather than throwing an exception.

Documentation

Specification

Established standard

Status in Chromium

Blink>HTML


In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped/Shipping
  • No signal
  • No signal
  • No signals

Owner

Comments

Note that Edge and Safari both match current Chrome behavior. Firefox is the only browser that returns null on cross-origin access. It is possible that there are documents that catch the thrown exception and using it to do something different when thrown (e.g. using postMessage to communicate with the cross-origin context instead). However, given that Firefox behavior has differed for several years, I suspect that is not likely to be an issue.

Last updated on 2021-05-30