I maintain a set of signed XUL jar apps for our company Intranet. In a
few places the XUL page contains an IFRAME tag and the Javascript code
needs to write an HTML document to it.
The code that does this looks like this:
var elem = document.getElementById(id);
netscape.security.PrivilegeManager
.enablePrivilege("UniversalXPConnect");
var doc = elem.contentDocument;
doc.open();
doc.write(html);
doc.close();
Ever since Firefox 2.0.0.13 this code fails. It throws an exception in
the doc.open() call:
[Exception... "Security Manager vetoed action" nsresult: "0x80570027
(NS_ERROR_XPC_SECURITY_MANAGER_VETO)" location: "JS frame ::
jar:https://isengard.arcamax.com:2020/db/jar/gallerybuilder.jar!/lib.js
:: ShowHTML :: line 584" data: no]
Note that there is no problem in Firefox 2.0.0.12 and Firefox 3 Beta 5.
It fails in 2.0.0.13 and 2.0.0.14.
I have a similar problem in a related context. In that case I need to
examine the contents of an element inside the I frame. It seems as if
any access to an iframe contentDocument is now disallowed.
I would like to find a work-around for these issues.
Bryan
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
