From 9702e541f27616a5249a140878d028335a0b3775 Mon Sep 17 00:00:00 2001
From: "Anh Thao Pham (pta)" <pta@odoo.com>
Date: Tue, 21 Sep 2021 07:38:09 +0000
Subject: [PATCH] [FIX] web_editor: prevent editing document in iframe with
 cross-origin access issue

- Go to Email Marketing
- Create a new mailing with template having social media links
- Save
- Click on one of the social links
An error is triggered:
"Error: Blocked a frame with origin xxx from accessing a cross-origin frame."

The traceback occurs because we try to change the content of something we
don't have access to, as these sites prevent display in an iframe.

opw-2599540

closes odoo/odoo#76890

Signed-off-by: Nicolas Lempereur (nle) <nle@odoo.com>
---
 addons/web_editor/static/src/js/backend/field_html.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/addons/web_editor/static/src/js/backend/field_html.js b/addons/web_editor/static/src/js/backend/field_html.js
index 02ad16d7f25f..9ad2d27e4c22 100644
--- a/addons/web_editor/static/src/js/backend/field_html.js
+++ b/addons/web_editor/static/src/js/backend/field_html.js
@@ -327,6 +327,11 @@ var FieldHtml = basic_fields.DebouncedField.extend(TranslatableFieldMixin, {
                         return;
                     }
                     var cwindow = self.$iframe[0].contentWindow;
+                    try {
+                        cwindow.document;
+                    } catch (e) {
+                        return;
+                    }
                     cwindow.document
                         .open("text/html", "replace")
                         .write(
-- 
GitLab