26

I'm using Execute JS to write and test JavaScript code within Firefox. I want to open a new tab/window and write something to it, and I tried:

```javascript
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator);
var win = wm.getMostRecentWindow("navigator:browser");
printWindow = win.open("about:blank");
printWindow = wm.getMostRecentWindow("navigator:browser");
printWindow.gBrowser.selectedBrowser.contentDocument.write('hello');
```

And

```javascript
myWindow=window.open('','','width=200,height=100')
myWindow.document.write("<p>This is 'myWindow'</p>")
myWindow.focus()
```

However I always get this error

[Exception... "The operation is insecure." code: "18" nsresult: "0x80530012 (SecurityError)"

Is there any way to get through this exception?

Wladimir Palant
Teiv
  • "Exception: The operation is insecure" is a bug on Firefox default console (https://bugzilla.mozilla.org/show_bug.cgi?id=663406), it doesn't happen with Firebug console on Firefox and Chromium default console, I commented here https://stackoverflow.com/questions/12898528/loading-an-iframe-from-a-string-variable-in-xulrunner#comment41391652_12911226 – baptx Oct 14 '14 at 18:03

3 Answers

33

Top-level navigation to data URLs has been blocked in Chrome, Firefox (with some exceptions), IE, and Edge (and likely other browsers to boot). They are apparently commonly used for phishing attacks, and major browser vendors decided that the danger outweighed the value provided by legitimate use cases.

This Mozilla security blog post explains that Firefox will block

  • Web page navigating to a new top-level data URL document using:
    • window.open("data:…");
    • window.location = "data:…"
    • clicking <a href="data:…"> (including ctrl+click, ‘open-link-in-*’, etc).
  • Web page redirecting to a new top-level data URL document using:
    • 302 redirects to "data:…"
    • meta refresh to "data:…"
  • External applications (e.g., Thunderbird) opening a data URL in the browser

but will not block

  • User explicitly entering/pasting "data:…" into the address bar
  • Opening all plain text data files
  • Opening "data:image/*" in top-level window, unless it’s "data:image/svg+xml"
  • Opening "data:application/pdf" and "data:application/json"
  • Downloading a data: URL, e.g. ‘save-link-as’ of "data:…"

You can also read the proposal to deprecate and remove top-frame navigation to data URLs in Chrome and view the current Chrome status indicating that it has been removed.

As for how to actually open HTML in a new tab or window, this should be sufficient:

```javascript
var tab = window.open('about:blank', '_blank');
tab.document.write(html); // where 'html' is a variable containing your HTML
tab.document.close(); // to finish loading the page
```

Note that at least in Chrome, external scripts injected via document.write might not be loaded on slower connections. That might not be relevant here, but something to watch out for.

James T
  • 1
    This will open the address that you are currently on in a new tab. You probably meant `window.open("about:blank", "_blank")`. Also, the browser will switch to the new tab automatically, calling `.focus()` is pointless. – Wladimir Palant Feb 28 '18 at 09:30
  • Gotcha - thanks for the info! I'll go ahead and make that edit (and adopt it into my own code). Thanks for fixing my formatting, as well. – James T Mar 01 '18 at 14:58
  • This is the first working solution for me. I am trying it on Google Chrome – Mariusz Oct 08 '19 at 07:18
  • What if I don't use `tab.document.close();` ? – DevonDahon Sep 16 '22 at 07:38
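
The block and allow lists quoted in the answer above, modelled as a small classifier that can be used to flag code still relying on `data:` navigation. This is an added example, not code from the original posts or from Firefox; the trigger labels (`window.open`, `link-click`, `address-bar`, and so on) and the function names are assumptions made for illustration.

```javascript
// Added example: a model of the Firefox 58 rules listed in the answer above.
// It is not Firefox's implementation; trigger names are assumed labels.
const BLOCKED_TRIGGERS = new Set([
  'window.open', 'location', 'link-click',   // page navigating to data:
  'http-redirect', 'meta-refresh',           // page redirecting to data:
  'external-app',                            // e.g. a mail client opening a link
]);
const ALLOWED_TRIGGERS = new Set(['address-bar', 'download']);

// Lowercased media type of a data: URL, or null if `url` is not a data: URL.
function dataUrlMimeType(url) {
  const m = /^\s*data:([^,]*)/i.exec(url);
  if (!m) return null;
  const type = m[1].split(';')[0].trim().toLowerCase();
  return type === '' ? 'text/plain' : type;  // RFC 2397 default media type
}

// Types the list says still open in a top-level window.
function isExemptType(mime) {
  if (['text/plain', 'application/pdf', 'application/json'].includes(mime)) return true;
  return mime.startsWith('image/') && mime !== 'image/svg+xml';
}

// Decide whether a top-level navigation to `url` would be blocked.
function classifyTopLevelNavigation(url, trigger) {
  const mime = dataUrlMimeType(url);
  if (mime === null) return { blocked: false, reason: 'not a data: URL' };
  if (ALLOWED_TRIGGERS.has(trigger)) return { blocked: false, reason: `user action: ${trigger}` };
  if (!BLOCKED_TRIGGERS.has(trigger)) throw new Error(`unknown trigger: ${trigger}`);
  if (isExemptType(mime)) return { blocked: false, reason: `exempt type: ${mime}` };
  return { blocked: true, reason: `${mime} via ${trigger}` };
}

// Constructed sample navigations (not taken from the page).
const samples = [
  ['data:text/html,%3Cp%3EThis%20is%20myWindow%3C%2Fp%3E', 'window.open'],
  ['data:image/svg+xml;base64,PHN2Zy8+', 'link-click'],
  ['data:image/png;base64,AAAA', 'location'],
  ['data:,hello', 'meta-refresh'],
  ['data:text/html,%3Cp%3Ehi%3C%2Fp%3E', 'address-bar'],
  ['about:blank', 'window.open'],
];
for (const [url, trigger] of samples) {
  const { blocked, reason } = classifyTopLevelNavigation(url, trigger);
  console.log(`${blocked ? 'BLOCK' : 'allow'}  ${trigger.padEnd(12)} ${reason}`);
}
```
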
24

Edit: As of 2018, this solution no longer works. So you are back to opening about:blank in a new window and adding content to it.

Don't "write" to the window, just open it with the contents you need:

```javascript
var data = "<p>This is 'myWindow'</p>";
myWindow = window.open("data:text/html," + encodeURIComponent(data),
                       "_blank", "width=200,height=100");
myWindow.focus();
```

For reference: data URIs

Wladimir Palant
  • Thanks a lot the code is working fine but I'm wondering how can I append new data to this newly opened window? – Teiv Aug 15 '12 at 10:23
  • 2
    Use [DOM methods](https://developer.mozilla.org/en-US/docs/DOM/Node.appendChild)? – Wladimir Palant Aug 15 '12 at 12:09
  • So I try this code http://pastebin.com/n1znvdYk like you tell me but it seems that the new element is not appended to the document at all. Can you fix this for me please? – Teiv Aug 15 '12 at 13:13
  • 1
    @user433531: Give the window a chance to load? [`myWindow.addEventListener("load", ..., false)`](https://developer.mozilla.org/en-US/docs/DOM/element.addEventListener) – Wladimir Palant Aug 15 '12 at 13:19
  • I've got a ton of data to write and Firefox just hangs ("Not Responding") in Windows. :-( – Emery Lapinski Feb 17 '14 at 21:39
  • @user2259571: Not really a reason to downvote a perfectly good solution. – Wladimir Palant Feb 20 '14 at 11:05
  • The solution doesn't work for me (or at least not for my purpose). That's as good a reason to downvote as any isn't it? – Emery Lapinski Feb 25 '14 at 04:44
  • @user2259571: The solution is correct, it solves the problem. What you are talking about needs to be filed under https://bugzilla.mozilla.org/ (assuming that the issue isn't caused by extensions). – Wladimir Palant Feb 25 '14 at 08:01
  • Firefox is starting to block top-level navigation to data URLs - the browser will immediately close the new window. See https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-58/ – James T Feb 27 '18 at 22:39
  • Chrome has also blocked it: https://www.chromestatus.com/feature/5669602927312896 – James T Feb 27 '18 at 22:44
  • If you want to open in a new tab in the same browser, it's enough to put in JavaScript: `open( 'http://www.someth.com ', '','')`; – paka Aug 29 '18 at 09:02
  • 3
    This is not working anymore, maybe something changed in Google Chrome. – Mariusz Oct 08 '19 at 07:17
4

```javascript
var winPrint = window.open('', '', 'left=0,top=0,width=800,height=600,toolbar=0,scrollbars=0,status=0');
winPrint.document.write('<title>Print  Report</title><br /><br /> Hellow World');
winPrint.document.close();
```

window.open(uri) does not work in Chrome as of 2018.

  • URIs in general aren't being blocked - data URLs are. Apparently they are commonly used for phishing attacks. Both Chrome and Firefox are blocking it - see the [Mozilla security blog post](https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-58/), the [Chrome intent to deprecate and remove post](https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/GbVcuwg_QjM%5B1-25%5D), and the [Chrome status post indicating that it has been removed](https://www.chromestatus.com/feature/5669602927312896). – James T Feb 27 '18 at 22:53
  • Uncaught SyntaxError: Invalid or unexpected token – Fernando Torres Sep 02 '20 at 07:01