[jetpack] On iframes and the hidden window
16 views
Skip to first unread message
Felipe Gomes (:felipe)
May 6, 2010, 2:09:06 PM5/6/10
to mozilla-labs-jetpack
Hello all,
yesterday I spent some time discovering why some features of the Page
Worker involving the hidden window worked on Mac but not on Windows
(or Linux), and how to fix that, and here I'll write a hopefully short
summary for two reasons: 1, because I want more people to take a look
on the solution and see if it's indeed reliable, and 2, for future
reference, this might be useful.
The main problem is that the hidden window is different on the
platforms, but the difference is two-fold: on Mac it's a .xul file
from a chrome:// URL, and on Windows it's an .html file from a resource://
URL.. This makes it be more restricted on Windows.
By default, when we go by inserting a <xul:iframe type="content" />
element, and we try to access the contentWindow, we get the following
error on non-mac:
"Permission denied for file at resource://gre-modules/ to create
wrapper for UnnamedClass"
It looks like this is due to cross-doc checks, and a resource:// file
won't allow it. If it was a <html:iframe> this would be possible, but
we can't load untrusted content on it. The solution is to load a
trusted chrome:// URL inside an <html:iframe>, and then inside it we
have the <xul:iframe type="content"> which allows us to load any
content.
The final scheme looks like this:
-- hiddenWindow.html --
<html:iframe src="chrome://jetpack/page-worker-host.xul">
--- which is ---
<xul:iframe type="content" />
</html:iframe>
-- --
The only downside is that we would have to ship the chrome:// .xul
file... I've tried to find an existing blank .xul file in the browser
that we could reuse, but I didn't find any.
Finally, the root of the problem is that we're trying to use the
hiddenWindow much beyond its original purposes. I'm looking into how
we can make improvements on that on the platform, and hopefully make
this a 3.6-only workaround.
Felipe
--- if you're interested in more details, here are other things I
tried first, but didn't work ---
- using the host .xul file via a data url: doesn't work, it needs to
be chrome://
- elevating the page privileges via
netscape.security.PrivilegeManager: still gives permission denied
- running `iframe.contentWindow` on a sandbox with a system principal:
still gives permission denied
--
You received this message because you are subscribed to the Google Groups "mozilla-labs-jetpack" group.
To post to this group, send email to mozilla-la...@googlegroups.com.
To unsubscribe from this group, send email to mozilla-labs-jet...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mozilla-labs-jetpack?hl=en.
yesterday I spent some time discovering why some features of the Page
Worker involving the hidden window worked on Mac but not on Windows
(or Linux), and how to fix that, and here I'll write a hopefully short
summary for two reasons: 1, because I want more people to take a look
on the solution and see if it's indeed reliable, and 2, for future
reference, this might be useful.
The main problem is that the hidden window is different on the
platforms, but the difference is two-fold: on Mac it's a .xul file
from a chrome:// URL, and on Windows it's an .html file from a resource://
URL.. This makes it be more restricted on Windows.
By default, when we go by inserting a <xul:iframe type="content" />
element, and we try to access the contentWindow, we get the following
error on non-mac:
"Permission denied for file at resource://gre-modules/ to create
wrapper for UnnamedClass"
It looks like this is due to cross-doc checks, and a resource:// file
won't allow it. If it was a <html:iframe> this would be possible, but
we can't load untrusted content on it. The solution is to load a
trusted chrome:// URL inside an <html:iframe>, and then inside it we
have the <xul:iframe type="content"> which allows us to load any
content.
The final scheme looks like this:
-- hiddenWindow.html --
<html:iframe src="chrome://jetpack/page-worker-host.xul">
--- which is ---
<xul:iframe type="content" />
</html:iframe>
-- --
The only downside is that we would have to ship the chrome:// .xul
file... I've tried to find an existing blank .xul file in the browser
that we could reuse, but I didn't find any.
Finally, the root of the problem is that we're trying to use the
hiddenWindow much beyond its original purposes. I'm looking into how
we can make improvements on that on the platform, and hopefully make
this a 3.6-only workaround.
Felipe
--- if you're interested in more details, here are other things I
tried first, but didn't work ---
- using the host .xul file via a data url: doesn't work, it needs to
be chrome://
- elevating the page privileges via
netscape.security.PrivilegeManager: still gives permission denied
- running `iframe.contentWindow` on a sandbox with a system principal:
still gives permission denied
--
You received this message because you are subscribed to the Google Groups "mozilla-labs-jetpack" group.
To post to this group, send email to mozilla-la...@googlegroups.com.
To unsubscribe from this group, send email to mozilla-labs-jet...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mozilla-labs-jetpack?hl=en.
Benjamin Smedberg
May 7, 2010, 3:57:19 PM5/7/10
to mozilla-la...@googlegroups.com, Felipe Gomes (:felipe)
On 5/6/10 2:09 PM, Felipe Gomes (:felipe) wrote:
> The final scheme looks like this:
>
> -- hiddenWindow.html --
> <html:iframe src="chrome://jetpack/page-worker-host.xul">
> --- which is ---
> <xul:iframe type="content" />
> </html:iframe>
> -- --
Why are you doing this in the hidden window, instead of in a window (hidden)
> The final scheme looks like this:
>
> -- hiddenWindow.html --
> <html:iframe src="chrome://jetpack/page-worker-host.xul">
> --- which is ---
> <xul:iframe type="content" />
> </html:iframe>
> -- --
specially created for jetpack? The primary concern here is that you can't
create these frames in a normal browser windows because the user might close
them and the frames would go away unexpectedly, right?
We definitely ought to fix this for 3.7 to give you something like a
headless docshell. Can you file a bug on that, if there isn't one already?
--BDS
Felipe Gomes (:felipe)
May 7, 2010, 4:21:56 PM5/7/10
to mozilla-labs-jetpack
On May 7, 4:57 pm, Benjamin Smedberg <benja...@smedbergs.us> wrote:
> On 5/6/10 2:09 PM, Felipe Gomes (:felipe) wrote:
>
> > The final scheme looks like this:
>
> > -- hiddenWindow.html --
> > <html:iframe src="chrome://jetpack/page-worker-host.xul">
> > --- which is ---
> > <xul:iframe type="content" />
> > </html:iframe>
> > -- --
>
> Why are you doing this in the hidden window, instead of in a window (hidden)
> specially created for jetpack? The primary concern here is that you can't
> create these frames in a normal browser windows because the user might close
> them and the frames would go away unexpectedly, right?
the only webshell
that outlives the normal browser windows and exists through the entire
app duration.
>
> We definitely ought to fix this for 3.7 to give you something like a
> headless docshell. Can you file a bug on that, if there isn't one already?
plan! I haven't filed
yet because I'm looking into understanding more exactly how to file
this. From what I could
see in the code, creating more hidden windows is apparently not too
difficult, but I wonder
if there are even more stuff that we don't have to have attached for
this to work
(you naming it as "headless docshell" really gives a good direction to
go).
Felipe
Atul Varma
May 7, 2010, 4:30:20 PM5/7/10
to mozilla-la...@googlegroups.com, Felipe Gomes (:felipe)
On 5/7/10 1:21 PM, Felipe Gomes (:felipe) wrote:
>
>> We definitely ought to fix this for 3.7 to give you something like a
>> headless docshell. Can you file a bug on that, if there isn't one already?
>>
> Yeah, will do. Dietrich and I talked about that and it sounds like the
> plan! I haven't filed
> yet because I'm looking into understanding more exactly how to file
> this. From what I could
> see in the code, creating more hidden windows is apparently not too
> difficult, but I wonder
> if there are even more stuff that we don't have to have attached for
> this to work
> (you naming it as "headless docshell" really gives a good direction to
> go).
>
Wow. FWIW, this would be amazing, not only for Jetpack and extensions in
>
>> We definitely ought to fix this for 3.7 to give you something like a
>> headless docshell. Can you file a bug on that, if there isn't one already?
>>
> Yeah, will do. Dietrich and I talked about that and it sounds like the
> plan! I haven't filed
> yet because I'm looking into understanding more exactly how to file
> this. From what I could
> see in the code, creating more hidden windows is apparently not too
> difficult, but I wonder
> if there are even more stuff that we don't have to have attached for
> this to work
> (you naming it as "headless docshell" really gives a good direction to
> go).
>
general, but also for Web Developers: they've been wanting to be able to
run a "headless browser" for testing purposes for years, so if this can
get us closer to that, it would be a big win.
- Atul
Felipe Gomes (:felipe)
May 7, 2010, 4:47:57 PM5/7/10
to mozilla-labs-jetpack
On May 7, 5:30 pm, Atul Varma <ava...@mozilla.com> wrote:
>
> Wow. FWIW, this would be amazing, not only for Jetpack and extensions in
> general, but also for Web Developers: they've been wanting to be able to
> run a "headless browser" for testing purposes for years, so if this can
> get us closer to that, it would be a big win.
>
> - Atul
I believe there is ongoing work being done about this on
>
> Wow. FWIW, this would be amazing, not only for Jetpack and extensions in
> general, but also for Web Developers: they've been wanting to be able to
> run a "headless browser" for testing purposes for years, so if this can
> get us closer to that, it would be a big win.
>
> - Atul
https://bugzilla.mozilla.org/show_bug.cgi?id=446591 (http://
hg.mozilla.org/incubator/offscreen).
There is also https://bugzilla.mozilla.org/show_bug.cgi?id=503320,
which I don't know how they relate
- Felipe
Felipe Gomes (:felipe)
May 12, 2010, 2:32:30 PM5/12/10
to mozilla-labs-jetpack
>
> Why are you doing this in the hidden window, instead of in a window (hidden)
> specially created for jetpack? The primary concern here is that you can't
> create these frames in a normal browser windows because the user might close
> them and the frames would go away unexpectedly, right?
>
> We definitely ought to fix this for 3.7 to give you something like a
> headless docshell. Can you file a bug on that, if there isn't one already?
>
I filed https://bugzilla.mozilla.org/show_bug.cgi?id=565388 for that.
> Why are you doing this in the hidden window, instead of in a window (hidden)
> specially created for jetpack? The primary concern here is that you can't
> create these frames in a normal browser windows because the user might close
> them and the frames would go away unexpectedly, right?
>
> We definitely ought to fix this for 3.7 to give you something like a
> headless docshell. Can you file a bug on that, if there isn't one already?
>
- Felipe
Reply all
Reply to author
Forward
0 new messages