I am running afoul of the security restrictions doing this. My
(trusted) script cannot interact richly with the page because the page
is not trusted when I load it into firefox by typing
chrome://myextension/content/myextension.xul
into the location bar. So I get access only to the wrapper, and not
to the top level window object.
The only way I know of to get a trusted window is to start up Firefox
like this:
firefox -chromebug -chrome chrome://myextension/content/myextension.xul
Unfortunately, when I do this, the chromebug console doesn't have
access to my window. Chromebug says:
"Reload to activate window console"
but as far as I can tell, there's no way to reload a -chrome window.
Certainly there's no menu item or what-have-you. This means I'm left
without a way to debug my program.
Any explanation of how I can open a trusted window with chromebug so
that I can debug my application would be very, very, very gratefully
received!
Ignore that message. It is from Firebug code and does not relate to
Chromebug. I'll try to suppress the message.
>
> but as far as I can tell, there's no way to reload a -chrome window.
> Certainly there's no menu item or what-have-you. This means I'm left
> without a way to debug my program.
Do you have a context named "chrome://myextension/content/myextension.xul"?
> Any explanation of how I can open a trusted window with chromebug so
> that I can debug my application would be very, very, very gratefully
> received!
I don't know what a trusted window is. The 'console' function in
Chromebug is not something I use so the most likely explanation is
simply that there is a bug in chromebug. But first we need to know if
you see the context.
jjb
> Do you have a context named "chrome://myextension/content/myextension.xul"?
>
> > Any explanation of how I can open a trusted window with chromebug so
> > that I can debug my application would be very, very, very gratefully
> > received!
>
> I don't know what a trusted window is. The 'console' function in
> Chromebug is not something I use so the most likely explanation is
> simply that there is a bug in chromebug. But first we need to know if
> you see the context.
Actually, you are right. It seems that if I just interact with
chromebug (typically by pulling up one of my scripts in the scripts
window), the console comes to life and becomes aware of my
application. So it seems like it's working.
As for "trusted window," the idea is a window that you can trust your
privileged script to talk to (particularly to custom properties
thereof). In general, Firefox forbids privileged scripts from
invoking arbitrary properties on arbitrary windows, because javascript
on arbitrary windows could be used to overwrite properties, allowing
outsiders to escalate their privilege and get around FF's security.
So if the window isn't trusted, your privileged scripts get only
filtered access to it. Someone with more experience than me might be
able to grok it, but I find the description of how to make a trusted
window a little opaque (I get the "open it with -chrome") part of the
explanation, but the rest of it loses me.
I guess you know about the puzzling page that claims to describe these
issues:
https://developer.mozilla.org/En/Working_with_windows_in_chrome_code
Anyway I can say that Firefox prevents JS code in windows inside of tabs
in Firefox from running if called by browser extension code. Firebug
opens it's trace console and it is not subject to the security wrapping. See
http://code.google.com/p/fbug/source/browse/branches/firebug1.6/content/firebug/traceModule.js#251
jjb