James Newell wrote:
"XML", a property of the package component, contains an XML Document
returned from an nsIXMLHttpRequest. Unprivileged JS can access this
object but each of the XML Documents and methods are in-accessible:
Error: uncaught exception: Permission denied to get property
XMLDocument.textContent
What am I doing wrong?
You're creating an XMLDocument in security context A and trying to use it from
security context B. This is typically called an "XSS Attack" when used on the
web... And we generally try to not allow it to happen.
More precisely, the issue is that the XMLDocument returned by XMLHttpRequest
doesn't have a security context of its own, so it uses the security context of
whoever called XMLHttpRequest.
-Boris
_______________________________________________
dev-tech-xpcom mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-xpcom
