Change the contentDocument attribute and the getSVGDocument() method of HTMLEmbedElement, HTMLIframeElement, and HTMLObjectElement to return null on cross-origin access, rather than throwing an exception.



Specification link

Unknown standards status - check spec link for status

Status in Chromium


In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.



Note that Edge and Safari both match current Chrome behavior. Firefox is the only browser that returns null on cross-origin access. It is possible that there are documents that catch the thrown exception and using it to do something different when thrown (e.g. using postMessage to communicate with the cross-origin context instead). However, given that Firefox behavior has differed for several years, I suspect that is not likely to be an issue.

Last updated on 2022-01-21