On Nov 23, 11:50 am, Boris Zbarsky <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > I think we have been a little bit on different wavelengths. I presumed
> > that what I was seeing was a common issue that others already had a
> > solution for, and that it was not necessarily a bug. So this is great,
> > we're finally on the same wavelength.
>
> OK, sounds good!
>
> > To get to your specifics, the approach is the latter of your two
> > above. The specific code is:
> > document.getElementById
> > (IFRAMEnum).contentDocument.documentElement.innerHTML
>
> Odd. Here's a test document I wrote up:
>
> <!DOCTYPE html>
> <html>
> <head>
> <script>
> function doIt() {
>
> netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
>
> alert(document.getElementsByTagName("iframe")[0].contentDocument.documentElement.innerHTML);
> }
> </script>
> </head>
> <body onload="doIt()">
> <iframe src="http://web.mit.edu/bzbarsky/www/test.html";></iframe>
> </body>
> </html>
>
> When I run it from file and allow the privileges, it works. If I do the
> same, but change the iframe to point to Google and run the file from
> web.mit.edu, and put the following in prefs.js:
>
> user_pref("capability.principal.codebase.p0.granted",
> "UniversalBrowserRead UniversalBrowserWrite");
> user_pref("capability.principal.codebase.p0.id", "http://web.mit.edu";);
> user_pref("capability.principal.codebase.p0.subjectName", "");
> user_pref("signed.applets.codebase_principal_support", true);
>
> then it also works (and I don't get prompted or anything, just get the
> alert). This is all in Firefox 2.0.0.18.
>
> So what's different in your setup?
>
> -Boris
I do a number of things differently that I won't bore you with.
Suffice to say, I was able to create a hybrid of your simplest
approach and the minimum in my code using the user_prefs and was able
to create script that did the cross-domain read in both 2.0.0.17 on XP
and 2.0.0.18 on Vista. So the problem must be in my code not a
regression with the upgrade, but the upgrade appears to have broken my
formerly working script. Thanks for all your help; it gives me
guidance in my debugging.
You may be interested in what that led to. The fact that I was seeing
differences between the two O/Ss in this process, however, made me try
to create the same test using XmlHttpRequest. The code is below for
your own testing. Just insert your favorite test url.
What I found was that 2.0.0.17 and .18 both on XP will work properly.
They alert a number of readyStatus == 3 and then the responseText and
the IFRAME HTML. Finally, they show the number of TABLE elements to
prove they have access to the DOM.
With version 2.0.0.18 on Vista a number of readyStatus == 3 are shown
but a readyState == 4 is never reached. As a result, there is no
responseText alert or any execution after that. Firebug shows that the
GET is still open although the Response looks complete. By comparison,
the Response of 2.0.0.18 on XP is a message that allowDoublePost must
be set. But this is a GET, and it completes correctly! Any thoughts on
that?
Thanks again,
Jim
--
<!DOCTYPE html>
<html>
<head>
<script>
// Insert a url to test
var url = "http:// ";
//
var gHttpRequestObj = null;
function doIt() {
fnAsynchHttpRequest(url);
}
function fnAsynchHttpRequest(url) {
netscape.security.PrivilegeManager.enablePrivilege
("UniversalBrowserRead");
if (typeof XMLHttpRequest != 'undefined')
{
gHttpRequestObj = new XMLHttpRequest();
}
gHttpRequestObj.open('GET', url, true);
gHttpRequestObj.onreadystatechange = fnHttpResponse;
gHttpRequestObj.send(null);
}
function fnHttpResponse() {
netscape.security.PrivilegeManager.enablePrivilege
("UniversalBrowserRead");
alert("readyState: "+gHttpRequestObj.readyState);
if (gHttpRequestObj.readyState == 4)
{
if (gHttpRequestObj.status == 200)
{
alert("responseText\n"+gHttpRequestObj.responseText);
document.getElementById
("buffer0").contentDocument.documentElement.innerHTML =
gHttpRequestObj.responseText;
pageIsComplete();
}
}
}
function pageIsComplete()
{
netscape.security.PrivilegeManager.enablePrivilege
("UniversalBrowserRead");
alert(document.getElementById
("buffer0").contentDocument.documentElement.innerHTML);
var aSourceElems =
document.getElementById
("buffer0").contentDocument.documentElement.getElementsByTagName
("table");
alert("Proving access to the DOM:\nThere are "+aSourceElems.length+
"<table> elems");
}
</script>
</head>
<body onload="doIt()">
<iframe id="buffer0" src=""></iframe>
</body>
</html>
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
