Axel (or anyone else out there),
Thanks for the help on about:blank security (previous post). If you don't mind I'll expand the question:
I have javascript (in the chrome window of my app) that: loads an xml document into a DOM object, transforms it with xslt, and writes it into an iframe. Will javascript that resides in the new iframe document still have a security problem trying to access properties/objects/methods that reside in the chome window containing the iframe?
I noticed that mozilla bug#208912 seems to address this and that it was resolved in release 1.4.1 ... I'll have to give it a try with the new release.
My question: When I get the result from an xslt transform should I write the result into the iframe in the same way using the document .open and .write methods:
==========================
//Create the DOMs
var XMLDOM = document.implementation.createDocument("", "", null);
XMLDOM.async = false;
var XSLDOM = document.implementation.createDocument("", "", null); XSLDOM.async = false;
//Load in the documents and do the xslt transform XMLDOM.load("chrome://myapp/content/xmlDoc.xml"); XSLDOM.load("chrome://myapp/content/xslDoc.xsl"); XSLTProcessor.importStylesheet(XSLDOM); var transformResult = XSLTProcessor.transformToDocument(XMLDOM);
transformToFragment.
//Write the transfore result into the iframe document var doc = window.frames["iframeMain"].document;
This frame should contain as much as possible of the result document. And something like a <div id="xsltresult"></div>
And then do
d = window.frames["iframeMain"].document;
var resultFragment = xsltproc.transformToFragment(XMLDOM, d);
div = d.getElementById("xsltresult");
while (div.lastChild) div.removeChild(div.lastChild);
div.appendChild(resultFragment);This will take care that the nodes in the result belong to the right document, getting the right privs.
Axel
doc.open( ); doc.write(transformResult); doc.close( ); ==========================
...or is there a better way to get the transformResult into the iframe?
Thanks. mawrya
