不受信任的内容文档(包括任何 IFRAME)不能直接操作由扩展或 XULRunner 加载的其他特权代码所定义的函数。即便你的特权代码把某个函数赋给了不受信任的内容窗口,只要该函数试图使用或调用任何特权功能,就会出现安全错误。
但是,你可以给不受信任的内容窗口添加事件监听器!稍微令人沮丧的是,借此可以建立一套机制,方便地把“特权”函数安装到不受信任的内容中,也就是说:打破安全沙箱。
下面的例子允许不受信任的 domWindow(网页内容)发起跨域的 HTTP GET 请求:
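/**
 * Install `xdomainGET` on one content window.
 *
 * API given to the page:
 *
 *   xdomainGET(sURL, function (iHTTPStatusCode, sHTTPStatusText, sHTTPResponseText) { ... })
 *
 * Security notes:
 *  - The request is made with chromeWindow.XMLHttpRequest, so it is not bound
 *    by the page's same-origin restrictions. Install this only on a page you
 *    fully control.
 *  - sURL comes from the page. The privileged handler below accepts only
 *    absolute http:// and https:// URLs, so the bridge cannot be pointed at
 *    other URL schemes that privileged code is able to load.
 *  - NOTE(review): the request presumably carries the browser profile's
 *    cookies/credentials for the target host - confirm, and consider sending
 *    it anonymously and restricting the set of allowed hosts.
 *
 * @param chromeWindow the current browser chromeWindow (your XUL overlay is here)
 * @param domWindow    the untrusted domWindow that receives the method
 */
function install_xdomainGET_on_my_special_page(chromeWindow, domWindow) {
  // Argument order follows install_privileged_method's signature:
  // (chromeWindow, target, slot, handler, methodFactory).
  install_privileged_method(
    /* this is the current browser chromeWindow (your XUL overlay is here!) */
    chromeWindow,
    /* this is the untrusted domWindow containing your IFRAME */
    domWindow,
    /* the name of the method we're adding to the untrusted domWindow */
    "xdomainGET",
    /* This is the privileged handler code. It has access to the
       chromeWindow, and all of the privileged APIs that are available
       there. (e.g: nsI*, XPCom, js-ctypes, etc) */
    function (chromeWindow, args, cb) {
      // args is supplied by the page: validate before doing anything privileged.
      var url = args && args[0];
      if (typeof url !== "string" || !/^https?:\/\//i.test(url)) {
        cb(0, null, "xdomainGET: only absolute http(s) URLs are allowed");
        return;
      }
      var xhr = new chromeWindow.XMLHttpRequest();
      xhr.onload = function () {
        cb(1, {
          statusCode: xhr.status,
          statusText: xhr.statusText,
          responseText: xhr.responseText
        }, null);
      };
      xhr.addEventListener("error", function (error_evt) {
        // Fall back to a fixed message when the event carries no `error` value.
        cb(0, null, error_evt.error || "network error");
      }, false);
      xhr.open("get", url, true);
      xhr.send();
    },
    /* This is the methodFactory */
    function (priv) {
      /* This is the method that will be installed onto the untrusted
         domWindow. It takes two arguments, sURL and cb. sURL is a
         cross-domain HTTP URL which we want to be able to GET from the
         untrusted domWindow. cb is a callback function which receives
         3 values from the privileged side... */
      return function (sURL, cb) {
        priv.call([sURL], function (rstatus, rdata, rerror) {
          cb(rstatus ? rdata.statusCode : 0,        // iHTTPStatusCode
             rstatus ? rdata.statusText : rerror,   // sHTTPStatusText
             rstatus ? rdata.responseText : null);  // sHTTPResponseText
        });
      };
    }
  );
}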
And here's my library function which makes that possible. Basically, it does two things (from privileged code):
它在不受信任的 domWindow 上安装一个函数,向最终用户提供预期的 API;该函数被调用时会把参数(包括回调函数)打包,并派发一个合成事件。这部分以方法工厂的形式组织,因此最终用户可以得到任何想要的 API 形式(只要它通过回调返回结果!)
它在不受信任的窗口上安装一个事件处理函数。当不受信任的窗口派发其合成事件时,事件处理函数会捕获它,解开参数,并调用指定的特权处理函数。然后,它调用事件详情所指定的不受信任的回调函数。
// Conventional XPCOM shorthands: component classes (looked up by contract ID)
// and component interfaces.
const Cc = Components.classes;
const Ci = Components.interfaces;
// Console service that LOG() writes its messages to.
let consoleService = Cc["@mozilla.org/consoleservice;1"].getService(
  Ci.nsIConsoleService
);
/**
 * Write one message to the console service, prefixed with "EXTENSION: ".
 *
 * @param msg value to log; it is string-concatenated onto the prefix
 */
function LOG(msg) {
  var line = "EXTENSION: " + msg;
  consoleService.logStringMessage(line);
}
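// Install a privileged method on the given (untrusted) target window.
//
//   chromeWindow  - passed through unchanged as the first argument of `handler`.
//   target        - the window object that receives the method.
//   slot          - property name under which the method is stored on target.
//   handler       - function (chromeWindow, fargs, fcb) invoked by the event
//                   listener registered here; it reports its result through
//                   fcb(status, data, error).
//   methodFactory - function (priv) returning the function stored in
//                   target[slot]; that function reaches `handler` by calling
//                   priv.call(fargs, fcb).
//
// Trust boundary: the ticket counter, the callback table and the event
// namespace are stored in target.__pmcache__, i.e. on the target window object
// itself, so script running in that window can presumably read and modify
// them. The listener is also registered to accept events created by content.
// `handler` must therefore treat fargs as page-controlled input, validate it,
// and expose the narrowest operation that does the job.
var install_privileged_method = (function () {
  // Produces the event namespace of a window: "__sym_0", "__sym_1", ...
  var gensym = (function () {
    var __sym = 0;
    return function () { return "__sym_" + (__sym++); };
  })();
  // Borrowed from Object.prototype so that a hasOwnProperty defined on the
  // target object (or on the callback table) is never called.
  var hasOwn = Object.prototype.hasOwnProperty;
  return function (chromeWindow, target, slot, handler, methodFactory) {
    try {
      // initialise target window with ticket/callback-dict/namespace
      target.__pmcache__ = hasOwn.call(target, "__pmcache__")
        ? target.__pmcache__
        : { ticket_no: 0, callbacks: {}, namespace: gensym() };
      // Fixed at install time so dispatcher and listener always agree on it.
      var eventType = target.__pmcache__.namespace + "." + slot;
      // install the user factory-generated dispatcher method on
      // the target untrusted content window.
      target[slot] = methodFactory({ call: function (fargs, fcb) {
        try {
          var ticket_no = target.__pmcache__.ticket_no++;
          target.__pmcache__.callbacks[ticket_no] = fcb;
          var cevent = target.document.createEvent("CustomEvent");
          cevent.initCustomEvent(
            eventType,
            true, true, { fargs: fargs, ticket_no: ticket_no }
          );
          target.dispatchEvent(cevent);
        } catch (ue) {
          fcb(0, null, "untrusted dispatcher error: " + ue);
        }
      }});
      LOG("installed untrusted dispatcher for method "+slot+" .");
      // Add an event listener to (untrusted) target window which
      // listens for custom event generated by above dispatcher method.
      target.addEventListener(
        eventType,
        function (cevent) {
          var detail = cevent.detail;
          if (!detail) {
            return; // not an event produced by the dispatcher above
          }
          var ticket_no = detail.ticket_no;
          var fargs = detail.fargs;
          var callbacks = target.__pmcache__.callbacks;
          // Own-property lookup only: an inherited member such as
          // "constructor" must never be mistaken for a registered callback.
          var fcb = hasOwn.call(callbacks, ticket_no)
            ? callbacks[ticket_no]
            : undefined;
          // Tickets are single-use; dropping the entry keeps the table from
          // growing with every call.
          delete callbacks[ticket_no];
          if (typeof fcb !== "function") {
            LOG("ignored event for method "+slot+": no callback registered for its ticket");
            return;
          }
          try {
            handler(chromeWindow, fargs, fcb);
          } catch (pe) {
            fcb(0, null, "privileged handler error: " + pe);
          }
        },
        false,
        // Fourth argument (Gecko's wantsUntrusted): the listener also receives
        // events dispatched by content, which is what makes the bridge work.
        true
      );
      LOG("installed privileged handler for method "+slot+" .");
    } catch (ie) {
      LOG("ERROR installing handler/factory for privileged "+
          "method "+slot+" : "+ie);
    }
  };
})();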
既然我们找到了打破沙箱的办法,就必须确保只把这种能力添加到我们信任的页面上(即:由你自己托管的页面)。
我是在浏览器中这样做的,因此要处理用户界面中的一个或多个 TabBrowser XUL 元素。当你使用 XULRunner 时,情况可能并非如此。
In order to find our trusted page, we need to look at all current (and future) chromeWindows and install a load handler on them.
// Hook every "navigator:browser" window that is already open, then register
// WindowListener with the window mediator so it is notified about windows
// opened later.
let wm = Cc["@mozilla.org/appshell/window-mediator;1"].getService(
  Ci.nsIWindowMediator
);
let windows = wm.getEnumerator("navigator:browser");
while (windows.hasMoreElements()) {
  WindowListener.setupBrowserUI(
    windows.getNext().QueryInterface(Ci.nsIDOMWindow)
  );
}
wm.addListener(WindowListener);
where WindowListener
is defined as:
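/**
 * Listener object handed to the window mediator (wm.addListener). It attaches
 * my_load_handler to the tab browser of every "navigator:browser" window.
 */
var WindowListener = {
  // Attach the load hook to this window's tab browser. The listener is
  // registered with useCapture = true; xulWindow and othWindow are unused.
  setupBrowserUI: function (window, xulWindow, othWindow) {
    window.gBrowser.addEventListener("load", my_load_handler, true);
  },
  // Remove the hook added by setupBrowserUI (same type, function and capture flag).
  tearDownBrowserUI: function (window) {
    window.gBrowser.removeEventListener("load", my_load_handler, true);
  },
  // A new top-level window was opened: wait for its own "load" event, then
  // hook it only if it turns out to be a browser window.
  onOpenWindow: function (xulWindow) {
    let domWindow = xulWindow.QueryInterface(Ci.nsIInterfaceRequestor)
                             .getInterface(Ci.nsIDOMWindow);
    domWindow.addEventListener("load", function listener() {
      // One-shot: unregister before doing anything else.
      domWindow.removeEventListener("load", listener, false);
      var rootElement = domWindow.document.documentElement;
      var windowType = rootElement.getAttribute("windowtype");
      if (windowType === "navigator:browser") {
        WindowListener.setupBrowserUI(domWindow);
      }
    }, false);
  },
  // Nothing to do for these notifications.
  onCloseWindow: function (xulWindow) { },
  onWindowTitleChange: function (xulWindow, newTitle) { }
};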
where my_load_handler
is defined as:
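/**
 * "load" handler registered on each tab browser. It ignores the event itself
 * and rescans every tab of every "navigator:browser" window, installing
 * xdomainGET on tabs that show the trusted page and do not have it yet.
 *
 * Security notes:
 *  - The page URL is read from the regular contentWindow before the content
 *    object is unwrapped with wrappedJSObject, and the own-property test uses
 *    Object.prototype.hasOwnProperty, so neither check calls into a function
 *    the page could have defined.
 *  - NOTE(review): the trusted URL below is a plain http:// placeholder. A
 *    page fetched without TLS can be altered in transit, and whatever is
 *    rendered at this URL receives the privileged method - use an https://
 *    URL you control.
 *
 * Any exception aborts the scan and is written to the log.
 */
var my_load_handler = function (evt) {
  try {
    var browserEnumerator = wm.getEnumerator("navigator:browser");
    while (browserEnumerator.hasMoreElements()) {
      var browserWin = browserEnumerator.getNext();
      var tabbrowser = browserWin.gBrowser;
      var numTabs = tabbrowser.browsers.length;
      for (var index = 0; index < numTabs; index++) {
        var currentBrowser = tabbrowser.getBrowserAtIndex(index);
        var contentWindow = currentBrowser.contentWindow;
        // identify your target page...
        if (contentWindow.location.href !== "http://yourserver/yourpage") {
          continue;
        }
        // Only the trusted page is ever unwrapped.
        var domWindow = contentWindow.wrappedJSObject;
        // install the privileged method (if it's not already there!)
        if (!Object.prototype.hasOwnProperty.call(domWindow, "xdomainGET")) {
          install_xdomainGET_on_my_special_page(browserWin, domWindow);
        }
      }
    }
  } catch (e) {
    LOG(e);
  }
};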