Hi,
A few months ago, I posted this message :
http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/d95d4d9d82959739/da0875e5639698c2?lnk=gst&q=signed+jar#da0875e5639698c2
I wanted to call JavaScript methods that require special Firefox
privileges from a JSP page
I finally succeeded using this method :
- I created a simple HTML file
- I wrote my JS functions in this HTML file. For example : "function
verifExistenceFenetre(nomFenetre) { ... }"
- I included this HTML file in a signed jar
- In my JSP page that have to call these functions, I wrote :
<object type="text/html" data="jar:<%=
request.getContextPath()%>/js/jsAvecPrivileges.jar!/jsUtilsAvecPrivileges.html"
width="0px" height="0px" name="jsUtilsAvecPrivileges">
</object>
<script type='text/javascript'>
<!--
var jsPriv;
function initJsPriv() {
jsPriv =
document.getElementsByName("jsUtilsAvecPrivileges")[0].contentDocument.defaultView;
}
-->
</script>
=> Then, I can call "jsPriv.verifExistenceFenetre(nomFenetre)" from the
JSP page.
That worked nice on Firefox 2.0.0.14 and previews. But in 2.0.0.15 and
3.0.0.1, I get the following error :
Permission refusée d'obtenir la propriété HTMLDocument.defaultView
http://portable.armor-technologies.net:8080/gcm-web-patients/faces/index.jsp
Line 319 :
317 function initJsPriv() {
318
319 jsPriv =
document.getElementsByName("jsUtilsAvecPrivileges")[0].contentDocument.defaultView;
320
321 }
I wonder if this could be due to vulnerability correction in Firefox
2.0.0.15 : http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
==> But now, how can I get it work again ?
Thanks for any help...
The problem happens on a production webapp, and we can't upgrade Firefox
until this problem is solved, which is very annoying...
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
