exporting API to content page
Anthony Lieuallen
function to the content page. I need it to function even for inline
scripts.
FireBug does this, with its console logging API. I've spent all day
trying to decode how it works, and not gotten very far. Plus, its
method seems very complex.
Is there a good way to inject a new function into the global window
scope that a normal page sees from an extension? If not, is there a
good example of the complicated way to do it, somewhere?
Thanks!
Gijs Kruitbosch
The fact that it does it very complicatedly is because it's a huge
security risk. Basically, you're doomed as soon as you access anything
provided by content from a chrome-privileged function (because with
getters and setters, even an assignment or function call can screw you
over).
To my knowledge, there is no simple, safe, way to do what you ask. It'll
always be messy.
~ Gijs
Nickolay Ponomarev
for other threads about this?
Nickolay
Anthony Lieuallen
> On 2/6/07, Anthony Lieuallen <jus...@example.com> wrote:
>> I'm attempting to add a feature to my extension that will export a
>> function to the content page. I need it to function even for inline
>> scripts.
> for other threads about this?
I'm tired of "urchinTracker is not defind" or "OAS_RICH is not defined"
errors showing up, because the script that defined them happened to be
blocked, but the call to them is inline.
Yes, I searched, but the terms I use must not have been the terms that
other people used, if this thread is out there already.
Anthony Lieuallen
> Anthony Lieuallen wrote:
>> I'm attempting to add a feature to my extension that will export a
>> function to the content page. I need it to function even for inline
>> scripts.
>>
>> FireBug does this, with its console logging API. I've spent all day
>> trying to decode how it works, and not gotten very far. Plus, its
>> method seems very complex.
> security risk. Basically, you're doomed as soon as you access anything
> provided by content from a chrome-privileged function (because with
> getters and setters, even an assignment or function call can screw you
> over).
I'm aware of the security concerns. (I'm a GreaseMonkey hacker, since
before the big security release, and I watched that unfold.) The
complicated-ness I refer to is the fact that FireBug:
1. Creates a <browser> in the overlay
2. with an XBL binding attached,
3. which sets a constructor,
4. which calls an initializer,
5. which adds a progress listener,
6. which calls a function, which adds another progress listener,
7. which calls another function, which finally injects an object into
the content page.
Yes, the object uses closures for security, but at this point that's a
trivial addition.
Are all these steps really necessary to get the "window has been
created, page hasn't been loaded in yet" context?
Nickolay Ponomarev
> On 2/5/2007 8:18 PM, Nickolay Ponomarev wrote:
> > On 2/6/07, Anthony Lieuallen <jus...@example.com> wrote:
> >> I'm attempting to add a feature to my extension that will export a
> >> function to the content page. I need it to function even for inline
> >> scripts.
> > Why do you need this? Is the page under your control? Did you search
> > for other threads about this?
>
> I'm tired of "urchinTracker is not defind" or "OAS_RICH is not defined"
> errors showing up, because the script that defined them happened to be
> blocked, but the call to them is inline.
>
property 'sidebar' accessible from content).
> Yes, I searched, but the terms I use must not have been the terms that
> other people used, if this thread is out there already.
OK, it's better to let the group know that you did in fact search the
archives when you're asking a question. And if you found something
that is not quite what you need, it's useful to mention that too.
Nickolay
Anthony Lieuallen
> In that case you can do what nsSidebar does (it defines a global
> property 'sidebar' accessible from content).
TYVM! That's just the nugget I needed, the keystone that has cracked
open the floodgates. I've googled plenty of appropriate references from
that starting point already.
Anthony Lieuallen
> On 2/6/07, Anthony Lieuallen <jus...@example.com> wrote:
>> On 2/5/2007 8:18 PM, Nickolay Ponomarev wrote:
>> > On 2/6/07, Anthony Lieuallen <jus...@example.com> wrote:
>> >> I'm attempting to add a feature to my extension that will export a
>> >> function to the content page.
>> > for other threads about this?
>> I'm tired of "urchinTracker is not defind" or "OAS_RICH is not defined"
>> errors showing up, because the script that defined them happened to be
>> blocked, but the call to them is inline.
> In that case you can do what nsSidebar does (it defines a global
> property 'sidebar' accessible from content).
I've figured out how to do this properly, but it only places an object
into the page's scope; I need a function to be injected there. I've
just shifted "is not defined" to "is not a function" by doing this.
Is this just something that this method isn't going to support?
Nickolay Ponomarev
I think so (there is a similar category for global constructors, but I
don't think it will work). You could try something like this:
var s = new Components.utils.Sandbox(content);
s.window = content;
Components.utils.evalInSandbox("window.wrappedJSObject.test = function
() { } ", s)
- at some point when the JS environment is initialized, but the
scripts have not yet run. This creates a sandbox using the principal
of the currently active content page (this part will need to be
tweaked to support background loads as well), gives the sandbox access
to the (wrapped) global object of the content page, then creates a
function in the page's global object using the sandbox's principal.
FWIW, bzbarsky didn't immediately find a problem with this approach :)
Nickolay
bruceb...@gmail.com
> I've figured out how to do this properly, but it only places an object
> into the page's scope; I need a function to be injected there. I've
> just shifted "is not defined" to "is not a function" by doing this.
Hi,
I'm trying to inject a object into client windows. Could you publish
how you managed to do this?
Cheers,
Bruce