Layer alignment code accessing window.frames in an unsafe way

Description

AUI's trigger module was updated to look for and work with elements across iframe boundaries.

If any component using trigger for its alignment is used, it may throw a DOMException when access to the iframe's document is denied.

References:

Acceptance criteria

  • silently catch exceptions

  • check if fix works with code examples posted by community

Environment

None

QA Kickoff Check-In

  • Needs unit tests

  • Test scenarios:

    • On page where at least one iframe on the page denies access to the parent page,

      • Align an Inline Dialog2 to the trigger; open inline dialog

      • ...others?

    • ...Other valid setups? e.g., AUI code running in iframe and needs to reach parent doc?

QA Demo Check-Out

Works in P2 plugin
Works across browsers (Edge/Firefox/Chrome/Safari)
Works for each layered component

Activity

Show:
Bartosz Cytrowski
October 1, 2020, 12:45 PM

Hi , to answer your questions: reboot of the instance should fix the issue; more details below:

  1. In general disabling / uninstalling bundled plugins isn’t advised and should come with a warning that it may break your instance. If such warning didn’t appear - that may be an issue we want to investigate. Uninstalling an upgrade of a bundled plugin (which AUI is) always fails to bring up the old version - it’s a known issue. I’m sorry - I should have mentioned that explicitly while advising the tests with the newer plugin version. It would probably save you the issues you have right now.

  2. If you uninstalled the plugin using the Jira UI (not by manually modifying the content of JIRA_HOME directory) then the original AUI plugin is still there and you just need to reboot your instance to make it load properly again.

Please let me know if it worked for you

Maciej Rzymski
October 1, 2020, 1:14 PM

Hi ,
AUI 9.1.2 has landed in Jira and should be available in the following version when released: 8.12.3, 8.13.1, and 8.14.0.

Jira Team

John Van Der Loo
6 days ago

/ can we backport this to AUI 8.7? We’ve just discovered this issue in Bitbucket as well.

Michal Dyro
6 days ago

Hi !

We have just released AUI 8.7.1 with backported fix for this issue.

John Van Der Loo
6 days ago

Awesome thanks , is giving it a try now

Assignee

Bartosz Cytrowski

Reporter

Chris "Daz" Darroch

Labels

None

Changelog entry text

None

Needs Doc

None

Story Points

1

Sprint

None

Fix versions

Priority

Critical
Configure