Fixed adam-p#435: console errors on cross-origin iframes-with-iframes

This is related to adam-p#173, but the fix for that didn't check deeply enough.

Author: adam-p

Diff for: src/common/CHANGES.md

@@ -1,6 +1,13 @@
 Change Log
 ==========
 
+2017-xx-yy: v2.13.3
+--------------------
+
+* [Fixed bug #435](https://github.com/adam-p/markdown-here/issues/435): On some pages, Markdown Here would spew cross-origin exceptions to the console. This was due to MDH trying to determine if a focused iframe-within-an-iframe was renderable.
+  - Thanks to [lincoln-b](https://github.com/lincoln-b) for reporting it.
+
+
 2017-05-26: v2.13.1
 --------------------
 

Diff for: src/common/markdown-here.js

@@ -60,24 +60,39 @@ var mylog = function() {};
 function findFocusedElem(document) {
   var focusedElem = document.activeElement;
 
-  // Fix #173: https://github.com/adam-p/markdown-here/issues/173
-  // If the focus is in an iframe with a different origin, then attempting to
-  // access focusedElem.contentDocument will fail with a `SecurityError`:
-  // "Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://jsbin.io" from accessing a cross-origin frame."
-  // Rather than spam the console with exceptions, we'll treat this as an
-  // unrenderable situation (which it is).
-  try {
-    var accessTest = focusedElem.contentDocument;
+  // Tests if it's possible to access the iframe contentDocument without throwing
+  // an exception.
+  function iframeAccessOkay(focusedElem) {
+    // Fix #173: https://github.com/adam-p/markdown-here/issues/173
+    // Fix #435: https://github.com/adam-p/markdown-here/issues/435
+    // If the focus is in an iframe with a different origin, then attempting to
+    // access focusedElem.contentDocument will fail with a `SecurityError`:
+    // "Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://jsbin.io" from accessing a cross-origin frame."
+    // Rather than spam the console with exceptions, we'll treat this as an
+    // unrenderable situation (which it is).
+    try {
+      var _ = focusedElem.contentDocument;
+    }
+    catch (e) {
+      // TODO: Check that this is actually a SecurityError and re-throw if it's not?
+      return false;
+    }
+
+    return true;
   }
-  catch (e) {
-    // TODO: Check that this is actually a SecurityError and re-throw if it's not?
+
+  if (!iframeAccessOkay(focusedElem)) {
     return null;
   }
 
   // If the focus is within an iframe, we'll have to drill down to get to the
   // actual element.
   while (focusedElem && focusedElem.contentDocument) {
     focusedElem = focusedElem.contentDocument.activeElement;
+
+    if (!iframeAccessOkay(focusedElem)) {
+      return null;
+    }
   }
 
   // There's a bug in Firefox/Thunderbird that we need to work around. For