XML+XSL and latest dev.5.0.335.0


Mixe

Feb 24, 2010, 4:57:07 PM
to Chromium-extensions
The latest Chrome dev.5.0.335.0 does not process the XSL file
included in the XML:
<?xml-stylesheet type="text/xsl" href="style.xsl"?>

The developer console says:

Unsafe attempt to load URL
file:///C:/path_to_ext/style.xsl from frame with URL
file:///C:/path_to_ext/options.xml.
Domains, protocols and ports must match.

...and opens a blank page. Because of this, the users (18000) of our
extension (Click&Clean) can't use some ext. features.

It works fine in Safari4x, Opera10, and Firefox 3.6.

Is this a bug, or has Google chosen to ban everything that is loaded
locally :) ?

Adam Barth

Feb 24, 2010, 5:13:32 PM
to Mixe, Chris Evans, Chromium-extensions
[+cevans]

This is more fallout from Chris Evans's recent security changes for file URLs.

Adam


Mixe

Feb 24, 2010, 6:51:59 PM
to Chromium-extensions

We found a solution, now we have to embed the XSL stylesheet into the XML.
This is not the best solution for us, because XML is generated on the
fly by NPAPI plugin.
It is unclear why HTML + external CSS stylesheet is safe,
but XML + external XSL stylesheet is unsafe?

Adam Barth

Feb 24, 2010, 7:23:26 PM
to Mixe, Chromium-extensions

The reason these two are different is because the CSS behavior is
insecure. Unfortunately, we're hemmed in by web compatibility and
need to allow cross-origin loading of CSS, which has been causing us
to add a number of hacks recently to keep Humpty Dumpty (aka, the web
security model) together.

Adam
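
The workaround Mixe describes (embedding the XSL stylesheet in the XML so that no second file: URL has to be loaded), as an added example that is not part of the thread or of the extension's code. It follows the embedded-stylesheet form of XSLT 1.0 section 2.7; the sample document, the sample stylesheet and the name `embed_stylesheet` are constructed for illustration.

```python
from xml.dom import minidom

XSL_NS = "http://www.w3.org/1999/XSL/Transform"

# Constructed sample inputs (stand-ins for options.xml and style.xsl).
SAMPLE_XML = '''<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="style.xsl"?>
<options><item>history</item></options>'''
SAMPLE_XSL = '''<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <!-- Keeps the embedded stylesheet itself out of the rendered output. -->
  <xsl:template match="xsl:stylesheet"/>
  <xsl:template match="/options"><ul><xsl:apply-templates/></ul></xsl:template>
  <xsl:template match="item"><li><xsl:value-of select="."/></li></xsl:template>
</xsl:stylesheet>'''

def embed_stylesheet(xml_text, xsl_text, sheet_id="embedded-style"):
    """Return xml_text with xsl_text embedded and referenced as href="#sheet_id"."""
    doc = minidom.parseString(xml_text)
    xsl = minidom.parseString(xsl_text).documentElement
    if xsl.namespaceURI != XSL_NS or xsl.localName not in ("stylesheet", "transform"):
        raise ValueError("second argument is not an XSLT stylesheet")
    if doc.doctype is not None:
        raise ValueError("document already has a DOCTYPE; merge the ATTLIST by hand")
    root = doc.documentElement
    # Drop every existing xml-stylesheet PI, i.e. the external file: load that was blocked.
    for node in list(doc.childNodes):
        if node.nodeType == node.PROCESSING_INSTRUCTION_NODE and node.target == "xml-stylesheet":
            doc.removeChild(node)
    # Copy the stylesheet in as the first child of the root and give it an id.
    sheet = doc.importNode(xsl, True)
    sheet.setAttribute("id", sheet_id)
    root.insertBefore(sheet, root.firstChild)
    # Same-document reference: nothing is fetched from a second URL.
    pi = doc.createProcessingInstruction(
        "xml-stylesheet", f'type="text/xsl" href="#{sheet_id}"')
    doc.insertBefore(pi, root)
    # The internal DTD subset types `id` as ID so the "#sheet_id" fragment resolves.
    doctype = f"<!DOCTYPE {root.tagName} [<!ATTLIST {xsl.tagName} id ID #REQUIRED>]>"
    prolog = "".join(n.toxml() for n in doc.childNodes if n is not root)
    return f'<?xml version="1.0"?>\n{doctype}\n{prolog}\n{root.toxml()}'

if __name__ == "__main__":
    print(embed_stylesheet(SAMPLE_XML, SAMPLE_XSL))
```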
