[Project_owners] DOM security in Firefox 3
updatescanner at gmail.com
updatescanner at gmail.com
Sun Feb 24 15:05:59 PST 2008
Solution found - add: src="chrome://" attribute to the iframe.
It seems that about:blank (the default url) is in a different security
domain to the chrome script trying to write to it. The above attribute
puts the iframe into the chrome domain, so open() works.
I still suspect this is a bug.. can anyone think of a reason for
restricting chrome access to an iframe displaying about:blank?
-Pete
updatescanner.mozdev.org
On 24/02/2008, updatescanner at gmail.com <updatescanner at gmail.com> wrote:
> On 24/02/2008, Ezequiel Calderara <ezechico at gmail.com> wrote:
> > Did u see in which line it's throwing the error?.
> > Is in the close(), in the write() or in the open() ?
>
>
> It is the open() that is causing the error.
>
> To recreate, put the following in an xul file somewhere in your
> chrome, navigate to it and click the button. In Firefox 3 when loaded
> from chrome:// you get an alert with "opening", then the security
> error appears in the error console and nothing more happens.
>
> <?xml version="1.0"?>
> <window xmlns:html="http://www.w3.org/1999/xhtml"
> xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
>
> <iframe id="simple-content" flex="1"/>
>
> <button label="click me" onclick="var doc =
>
> window.frames[0].document;alert('opening');doc.open(
> );alert('open');doc.write('Come fly with me
> ...');alert('written');doc.close( );alert('closed')"/>
> </window>
>
More information about the Project_owners
mailing list