[Project_owners] Using nsIWebBrowserStream

Matthew Wilson matthew at mjwilson.demon.co.uk
Mon Jun 8 14:13:19 PDT 2009


Pete wrote:
> 2009/6/8 Pete <sneakypete81 at gmail.com>:
>> I'm looking for a way of injecting an untrusted HTML string into a chome
>> iframe.

I needed to do something similar. I assume you want to prevent security 
bypasses from the untrusted content.

My eventual solution was far from elegant but worked OK: to create a 
"data:" URL containing the encoded form of the document, then to use 
document.getElementById("xxx").webNavigation.loadURI with that URL.

This might also be of help:
http://adblockplus.org/blog/displaying-web-content-in-an-extension-without-security-issues

Matthew


More information about the Project_owners mailing list