XPCComponents, unsafeWindow and newer Geckos
Mr Warper
I'm developing a little user script that needs to know the user profile location
(yes, it really needs to know it). In normal Javascript, the following code works:
...
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
var dirService =
Components.classes["@mozilla.org/file/directory_service;1"].getService(Components.interfaces.nsIProperties);
var pFolder = dirService.get("ProfD", Components.interfaces.nsIFile);
alert(pFolder.path);
...
without any problems while in GreaseMonkey javascript I need to use the ugly
unsafeWindow, like this:
unsafeWindow.netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
var dirService =
Components.classes["@mozilla.org/file/directory_service;1"].getService(Components.interfaces.nsIProperties);
var pFolder = dirService.get("ProfD", Components.interfaces.nsIFile);
I'm not completely happy about this, but as long as it works I don't care a
whole lot because that's the only point where my script has to deal with
XPConnect stuff.
The problem is that this code works flawlessly in FX 2.0.0.17, seems not to work
at all in FX 3.0.6 (I'm not very interested in that one anyway) and in FX 3.6.8
the unsafeWindow line throws the following error through the javascript console:
Permission denied for <file://> to get property XPCComponents.classes
As we switch to newer Gecko browsers this becomes more of an issue, so I'd be
really grateful to get some help to get completely rid of the unsafeWindow
invocation through more 'polite' privilege access methods, or get this
unsafeWindow thing to work with newer Gecko browsers...
Any ideas out there?
Thanks in advance,
Alfredo Fern�ndez.
Sam L
server http:// resolve this problem?
wherever the page is usage of unsafeWindow will expose your script to
that page's scripts
Anthony Lieuallen
> In normal Javascript, the following code works:
> ...
> netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
> Any ideas out there?
If you really _have_ to do that, then I'd advise that you just make sure
your code actually runs in the page context where it works.
http://wiki.greasespot.net/Location_hack
or
http://wiki.greasespot.net/Content_Scope_Runner
Mr Warper
Sam L wrote:
> if permission is denied for file:// might locating the page on a web
> server http:// resolve this problem?
I guess so, but this is not what I want to do. See below...
> wherever the page is usage of unsafeWindow will expose your script to
> that page's scripts
>
> On Wed, Aug 4, 2010 at 11:31 AM, Mr Warper <mrwa...@gmail.com> wrote:
>> Permission denied for <file://> to get property XPCComponents.classes
>
Anthony Lieuallen wrote:
> On 08/04/10 11:31, Mr Warper wrote:
>> In normal Javascript, the following code works:
>> ...
>> netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
>> ...
>> Any ideas out there?
>
> If you really _have_ to do that, then I'd advise that you just make sure
> your code actually runs in the page context where it works.
>
> http://wiki.greasespot.net/Location_hack
> or
> http://wiki.greasespot.net/Content_Scope_Runner
>
Turns out I actually forgot to mention this:
I _want_ to run a GM script against pages that I have saved to disk and edited
previously to tweak them up a bit (hence the 'file://' bit of the error), so I'm
pretty sure I'm safe since I'm not exposing my ProfD location or anything to
something I haven't cleaned up before.
And so remains my original question :)
Regards,
cc
Anthony's suggestion, actually, was intended to help with that -- have
you tried using the location hack as linked to eliminate the usage of
unsafeWindow?
--
cc | pseudonymous |<http://carlclark.mp/>
--
I said "NO" to drugs, but they didn't listen. �= tagzilla.mozdev.org
Mr Warper
cc escribi�:
> On 2010-08-04 08:57, Mr Warper wrote:
...
>> I _want_ to run a GM script against pages that I have saved to disk
>> and edited previously to tweak them up a bit (hence the 'file://' bit
>> of the error), so I'm pretty sure I'm safe since I'm not exposing my
>> ProfD location or anything to something I haven't cleaned up before.
>>
>> And so remains my original question :)
>
> Anthony's suggestion, actually, was intended to help with that -- have
> you tried using the location hack as linked to eliminate the usage of
> unsafeWindow?
I don't think it can be done that way. Let's give a bit more background and see
what you guys think:
I have this cross-browser javascript application (a 60kb javascript file, bits
of HTML, and CSSs) to do stuff on local HTML files. I want to keep it
cross-browser, so I'm not making it into a Gecko extension (yet). For it to work
all I need is to insert a <script> tag in the local file I want to process with
it and then I can use it.
I only intend to use a small GM stub to ask me if I want to attach the
application to local files loaded in the browser, and start it in such case, to
avoid manually the need to edit every HTML file I might generate or save to disk.
It is this GM stub loader what uses unsafeWindow to find out where my ProfD is
via XPCComponents, adds a <script> element pointing to the file via its src
attribute. The application then does its stuff just like if I had manually
edited the file to add that <script> element.
These are my problems here, in order of importance:
2) I don't like using unsafeWindow so any more 'polite' methods are welcome,
even if that implies popping up some mozilla dialog warning me about what I know.
1) My current code works OK in GM 0.8.6 on FX 2.0.0.17 but throws this message
error about permissions in FX 3.6.8 (didn't see the error message on FX 3.0.6)
so I expect it to stop working at all in the near future unless something can be
done.
So what do you guys think?
Regards,