[Project_owners] DOM security in Firefox 3

updatescanner at gmail.com updatescanner at gmail.com
Sun Feb 24 02:52:17 PST 2008

I'm having an security issue in firefox 3 when writing to iframes
inside an XUL window.

Here is a code snippet adapted from

<iframe id="simple-content" />
<button label="click me" onclick="var doc =
window.frames[0].document;doc.open( );doc.write('Come fly with me
...');doc.close( );"/>

FF2: When I open this as a file (file:///...) or as chrome
(chrome://...), it works as expected - the text appears in the iframe.

FF3: When I open it as a file it works. When I open it as chrome, I
get the following error:

Error: uncaught exception: [Exception... "Security error"  code:
"1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location:

I realise security has been upped in firefox 3, but this seems like a
reasonable thing to want to do. Does anyone have any ideas? Is this
expected behaviour, or should I file a bug?


More information about the Project_owners mailing list