I have in user.js:
user_pref("capability.policy.open.HTMLDocument.documentElement", "allAccess");
user_pref("capability.policy.open.HTMLHtmlElement.innerHTML", "allAccess");
Then run from onload event on an iframe
y = document.getElementById("foo"); // Get the iframe
d = y.contentDocument; // Get its document
alert("done1" + d); // OK, say: done1[object HTMLDocument]
dd = d.documentElement; // Get its document element
alert("done2" + dd); // OK, say: done2[HTMLHtmlElement]
bs = dd.innerHTML; // Error: NS_DOM_SECURITY_ERR ???
alert("done!"); // Dont get here!Is this a bug in Security Policies or in my mind?
Any pointer to good docs on this subject?
/LaH _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
