On Thu, Sep 10, 2009 at 11:54 AM, Colin Bleckner<[email protected]> wrote: > I just noticed that a recent Chrome update broke part of my extension > (although I'm not sure which one). My extension has a setup wizard file > that inserts a server-side HTML file into a frame to display the actual > setup wizard. The setup wizard then watches for page turns in the > frame, setting any local settings that need to be set. My code looks > like this: > > var wizard = frames["wizard"]; > var flags = wizard.document.getElementsByName("_flag"); > > Attempting to access that server-side frame now generates this error in > Chrome: "Unsafe JavaScript attempt to access frame with URL > http://login.xmarks.com/wizard from frame with URL > chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/setupwizard.html. > Domains, protocols and ports must match."
Yes, this was purposely turned off, as part of tightening the various security bolts. > Is there a way I can work around this and do something similar to access > the frame's content from my extension or has this been purposely turned > off? If that's the case, I suppose the right answer is to use a content > script on my server-side HTML and send messages back to the extension > from it? Yes, you can use the standard HTML5 postMessage() method to communicate between frames of different origins: http://ejohn.org/blog/cross-window-messaging/ - a --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en -~----------~----~----~----~------~----~------~--~---
