JavaScript errors from Google AdSense

Google's trying to exploit a browser quirk whereby some browsers ignore the same-origin policy for windows with about:blank as the URL, allowing that window to submit XMLHttpRequest or, in this case, postMessage requests to any site.

As far as I know, browsers have recently been disabling this behaviour. You must have one such patched browser.

Hopefully, this broken functionality doesn't affect your ability to earn money from the ads.

It's annoying for your site to generate JavaScript errors through no fault of your own, but it is a possibility you must accept when you run someone else's JavaScript on your page.


It's normal because your browser prevents CSRF attacks from other websites.

To allow googleads... to access your website and solve this problem, create a file named crossdomain.xml in your webroot and fill it with the following content:

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy
      SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
      <allow-access-from domain="googleads.g.doubleclick.net" />
    </cross-domain-policy>

To test it, go to your domain http://your-domain.com/crossdomain.xml and make sure there are no errors for that page. You are also allowed to use wildcards, etc. (look at the reference). When you're done, refresh your page. Hope that helps.

Live example: http://www.blanjamudah.com/crossdomain.xml

Reference: http://en.wikipedia.org/wiki/Cross-site_request_forgery http://curtismorley.com/2007/09/01/flash-flex-tutorial-how-to-create-a-crossdomainxml-file/


A crossdomain.xml file in the site root allowing access to googleads.g.doubleclick.net should fix it.

See this page, http://www.warriorforum.com/adsense-ppc-seo-discussion-forum/458906-adsense-blank-space-problem.html


Google have messed up their script. There's not much you can do about it.

For some reason http://pagead2.googlesyndication.net/pagead/expansion_embed.js, included in the parent page by the AdSense scripts, is trying to send information about the advert into a newly-written <iframe> created to hold the advert, using the new HTML5 postMessage facility:

            ha(this, function (f, e) {
                d[Pa](this.a[A]+"|"+f+":"+e, this.la)
            });

Yeah. Some nice minified/obfuscated code there. Trust me, Pa is 'postMessage'!

The targetOrigin argument in this call, this.la, is set to http://googleads.g.doubleclick.net. However, the new iframe was written with its src set to about:blank. This doesn't match the target origin, so the browser must refuse to send the message. Only Chrome seems to be dropping an actual whinge to the console log about it though.

No idea why it's doing this at all, never mind why it's not just using '*' as a target origin... I'm not really feeling like wading into the obfuscated script to find out. However, this error should not cause page loading to slow down. If you're seeing pauses it's usually resolving and fetching other external scripts.
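
The targetOrigin check described in the answer above, as an added example (not code from the original post or from Google's script): a simplified model of the decision a browser makes before delivering a postMessage call, plus the matching origin check on the receiving side. The function names, the publisher origin and the frame URLs are constructed for illustration, and the model assumes an about:blank iframe inherits the origin of the page that created it.

```javascript
// Simplified model of the targetOrigin check behind window.postMessage.
// All names are hypothetical; this is not AdSense code.

// Origin of the document currently loaded in the recipient frame.
// Assumption: an about:blank iframe has no origin of its own and
// inherits the origin of the page that created it.
function effectiveOrigin(frameUrl, creatorOrigin) {
  if (frameUrl === "about:blank") return creatorOrigin;
  return new URL(frameUrl).origin;
}

// Returns true when the browser would deliver the message.
function wouldDeliver(targetOrigin, frameUrl, creatorOrigin) {
  if (targetOrigin === "*") return true; // sender places no restriction
  const recipient = effectiveOrigin(frameUrl, creatorOrigin);
  // Scheme, host and port must all match the recipient document.
  return new URL(targetOrigin).origin === recipient;
}

// Receiver-side counterpart: a message handler should accept only
// messages whose event.origin is on an explicit allow-list.
function acceptMessage(event, allowedOrigins) {
  return allowedOrigins.includes(event.origin);
}

// Constructed sample values (the publisher origin is a placeholder).
const PUBLISHER = "http://publisher.example";
const ADS = "http://googleads.g.doubleclick.net";

function scenarios() {
  return {
    // The case in the answer: frame still at about:blank, explicit target.
    blankFrameExplicitTarget: wouldDeliver(ADS, "about:blank", PUBLISHER),
    // Same call once the frame holds a document from the ad origin.
    navigatedFrameExplicitTarget:
      wouldDeliver(ADS, ADS + "/constructed-ad.html", PUBLISHER),
    // "*" delivers whatever document happens to be in the frame.
    blankFrameWildcard: wouldDeliver("*", "about:blank", PUBLISHER),
    wildcardToUnexpectedDoc:
      wouldDeliver("*", "http://other.example/", PUBLISHER),
  };
}

console.log(scenarios());
```

The last scenario shows the trade-off with '*': the console error goes away, but the sender no longer controls which document receives the data, so the receiver's own origin check is the only one left.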