I also tried the (presumably unsafe) variation:
content.wrappedJSObject.foo()
which gives a slightly more useful error message:
Error: Access to 'chrome://browser/content/ajax.php from script denied
Source File: http://www.mydomain.com/test.html Line: 18
which seems to suggest quite clearly that the sandbox is
misinterpretting the relative URL in the XMLHttpRequest to be relative
to the chrome path I am actually running from and not the http:// url
that it should be running from. Any thoughts on how I can fix this,
short of changing the web page to use absolute url's (which indeed does
seem to fix the problem but may be infeasible in some situations)?
Thanks.
It's not the sandbox. The way XMLHttpRequest gets its base URI makes the
fundamental assumption that it's running against a window (which is not true in
this case). So doing XMLHttpRequest in a sandbox will just not work very well....
When we change the base URI behavior to match the W3C proposal and take the base
URI from the window the XMLHttpRequest object was created on, this might get better.
-Boris
can u explain these lines in detail ...
i m unable to understand
> When we change the base URI behavior to match the W3C proposal and take the base
> URI from the window the XMLHttpRequest object was created on, this might get better.
Thanks in advance
At that point the XMLHttpRequest will not be trying to get the base URI from the
sandbox.
-Boris