2

I'm currently developping a firefox extension which basically insert an iframe in the current page when the user click on the extension icon. I managed to insert the iframe code, I figured out how to link the src attribute to my html file.

In the chrome version, I simply do a 

 var main_html = chrome.extension.getURL('main.html');

And I pass the link to the src attribute of the iframe like that :

 iframe.setAttribute("src",main_html);

So main_html is a link like resource://idofmyextension/content/data/main.html

But, as I suspected, I get a security error telling me that the content located at the current url cannot load data or establish a link to my main.html file.

Is there a way to pass this security restriction ? Or another way to load my html file in my iframe ?

Thanks in advance.

Morgan
  • 93
  • 1
  • 10
  • See answers there, it is a newer thread about the same topic with more answers: http://stackoverflow.com/questions/21082162/firefox-addon-sdk-loading-addon-file-into-iframe – Roland Pihlakas Feb 08 '15 at 18:25

1 Answers1

3

I'm assuming the usage of the Addon SDK, that is more similar to Google Chrome extensions development, than the regular XUL development in Firefox. However, the approach I'm explaining here works also without the Add-on SDK.

In Add-on SDK is not currently possible, but there is some working about it, see Bug 820213.

The only workaround that comes to my mind at the moment, is using data: url. So, instead having:

const { data } = require("self");

let url = data.url("main.html");

// pass the url to the iframe

You will have:

const { data } = require("self");

let content = encodeURIComponent(data.load("main.html"));
let url = "data:text/html;charset=utf-8," + content;

// pass the url to the iframe

Notice the data.load instead of data.url: you basically load the content of the resource and use that as data url. It's ugly but at least can be used in some cases until a proper fix.

Hope it helps!

ZER0
  • 24,846
  • 5
  • 51
  • 54
  • 1
    I guess I am new to this, but what exactly do you mean when you say "pass the url to the iframe"? It's not ``, so what is it? – DJG Sep 26 '13 at 19:33
  • This won't work properly. many websites, glowingly, have the content privacy policy restricting the src of iframes to same origin urls. so not inline content nor external files will be loaded to iframe. [have a look](https://bugzilla.mozilla.org/show_bug.cgi?id=792479) – Reyraa May 04 '15 at 09:43
  • I know very well that's bug since is mentioned – indirectly, since the redirect – to my original answer: you can see my participation there. My answer is intended of course where CSP is not involved. For the sites using CSP, you can make it working intercepting the http response from the website in your add-on, and modifying the CSP at runtime. That's, until the bug is fixed. It's, of course, a lot of work more to do, and at that time it wasn't seems to be the scenario of the OP. – ZER0 May 05 '15 at 10:37