fix: security issue

Muhammad Faraz  Maqsood · Muhammad Faraz  Maqsood · commit b77dc150abd0 · 2025-05-02T11:42:35.000+05:00
- It's related previous PR: https://github.com/openedx/edx-platform/pull/36643/files. - This time followed LMS template(https://github.com/openedx/edx-platform/blob/5b3caa93e218e38e7459bdc1ff99ee175e93a22b/lms/templates/courseware/courseware-chromeless.html#L126C7-L127C42) as we are not getting any error on LMS. Attaching error for context: `Uncaught SecurityError: Failed to read a named property 'offsetHeight' from 'Window': Blocked a frame with origin "https://studio.stage.edx.org/" from accessing a cross-origin frame.`
diff --git a/cms/templates/container_chromeless.html b/cms/templates/container_chromeless.html
@@ -215,8 +215,8 @@
         // it will report the height of its contents to the parent window when the
         // document loads, window resizes, or DOM mutates.
         if (window !== window.parent) {
-            var lastHeight = window.parent[0].offsetHeight;
-            var lastWidth = window.parent[0].offsetWidth;
+            var lastHeight = window.offsetHeight;
+            var lastWidth = window.offsetWidth;
             var contentElement = document.getElementById('content');
 
             function dispatchResizeMessage(event) {
diff --git a/common/templates/xblock_v2/xblock_iframe.html b/common/templates/xblock_v2/xblock_iframe.html
@@ -455,6 +455,9 @@
             // it will report the height of its contents to the parent window when the
             // document loads, window resizes, or DOM mutates.
             if (window !== window.parent) {
+                var lastHeight = window.offsetHeight;
+                var lastWidth = window.offsetWidth;
+
                 function dispatchResizeMessage(event) {
                     // Note: event is actually an Array of MutationRecord objects when fired from the MutationObserver
                     var newHeight = rootNode.scrollHeight;
@@ -469,6 +472,10 @@
                             }
                         }, document.referrer
                     );
+
+                    lastHeight = newHeight;
+                    lastWidth = newWidth;
+
                     // Within the authoring microfrontend the iframe resizes to match the
                     // height of this document and it should never scroll. It does scroll
                     // ocassionally when javascript is used to focus elements on the page
