[client] Exception “Permission denied to access property "hash"”

[clochix]

Seen in the logs on a user instance:

{"type":"error","error":{"msg":"Error: Permission denied to access property \"hash\"","name":"Error","full":"Error: Permission denied to access property \"hash\"","stack":"HomeView.prototype.displayApplication@https://xxxx.cozycloud.cc/javascripts/app.js:7110:7\nMainRouter</MainRouter.prototype.application@https://xxxx.cozycloud.cc/javascripts/app.js:2793:12\n.route/<@https://xxxx.cozycloud.cc/javascripts/vendor.js:11867:1\n.loadUrl/matched<@https://xxxx.cozycloud.cc/javascripts/vendor.js:12072:11\n_.any@https://xxxx.cozycloud.cc/javascripts/vendor.js:9600:1\n.loadUrl@https://xxxx.cozycloud.cc/javascripts/vendor.js:12070:21\n.checkUrl@https://xxxx.cozycloud.cc/javascripts/vendor.js:12062:7\njQuery.event.dispatch@https://xxxx.cozycloud.cc/javascripts/vendor.js:3380:15\njQuery.event.add/eventHandle@https://xxxx.cozycloud.cc/javascripts/vendor.js:3000:6\n"},"url":"https://xxxx.cozycloud.cc/javascripts/app.js","line":7110,"col":6,"href":"https://xxxx.cozycloud.cc/#apps/konnectors/"}

This probably happens when trying to access location.hash in displayApplication method of HomeView in main.js.

[clochix]

I'm unable to reproduce this one, so I just added a try - catch so this exception won't prevent application to open.

[aenario]

This could happens only if the content of the iframe was not a page from the the same cozy. It could indicate a XSS/fishing attempt, or more probably a broken link in konnectors app. Anyway, it would be safer to redirect the iframe to app's root if we get in this case. Better to keep the issue open.