I have chromeless application with some privileged JavaScript code interacting with the system.Now I want to mash-up the privileged JavaScript (jsctypes) with an application hosted in the server. The remote application will be loaded in an Iframe and the interaction between the chromeless application and remote application happens through html5 postMessage.
The parent does post message to the contained Iframe and is successfully received by the Iframe with e.origin as “resource:\app”
whereas if I try to postMessage from Iframe to window.parent with domain as resource:\app the onmessage listener in the parent is not invoked
The layout,
On executing, >chromeless examples\testapp\index.html
A xul application is generated in the chromeless build folder and the following is shown.
+-----------------------------------Chromeless----+ | | | --- MessageToIframeButton | | | | +--------------------------Iframe--+ | | |Msg Recvd from: resource://app | | | |(this is the message from parent) | | | | | | | | _TxtBox_sendMessage | | | | | | | | | | | | | | | +----------------------------------+ | | Msg Recvd: | | | +-------------------------------------------------+
postMessage inside Iframe
[Code]
var sendMessage = function(){
var iframe = window.parent;
iframe.postMessage("test","resouce://app");
};
[/Code]
onMessage of Parent ,
var onmessage = function(e) {
alert("message");
}
if(typeof window.addEventListener != 'undefined') {
window.addEventListener('message', onmessage, false);
}
else if(typeof window.attachEvent != 'undefined') {
window.attachEvent('onmessage', onmessage);
}
Any Help appreciated!
Palant,I tried to implement the cross domain communication using custom events but could not succeed,
In Priviliged index.html [Chromeless examples\testapp\index.html]:
var myExtension = {
myListener: function(evt) {
alert("Received from web page: " +
evt.target.getAttribute("attribute1"));
}
}
document.addEventListener("MyExtensionEvent", function(e) {myExtension.myListener(e); }, false, true); // The last value is a Mozilla-specific value to indicate untrusted content is allowed to trigger the event.
//content.addEventListener("MyExtensionEvent", function(e) {myExtension.myListener(e); }, false, true); //Also tried with content.
In the remote app Iframe remote.html:
On click of a button,
var element = document.createElement("MyExtensionDataElement");
element.setAttribute("attribute1", "foobar");
document.documentElement.appendChild(element);
var evt = document.createEvent("Events");
evt.initEvent("MyExtensionEvent", true, false);
element.dispatchEvent(evt);
The triggered event does not bubble to the privileged parent domain.If an eventListener is added to the Iframe itself the dispatched Event is received and similarly if the custom-event is generated in the privileged context(index.html) then the parent window does receive a notification but not across hierarchy. Am I missing something basic??
Given that you link to Prevent target="_top" from taking over UI in Mozilla Chromeless I guess that the frame you loaded the remote application into is a content frame (which it definitely should be). This means that a security boundary is established between your privileged code and the content, and in particular for the frame it looks like it is on the top level – it cannot access the privileged document (easy to check, add
alert(window == window.parent)to the frame code). All this makes sense security-wise but it also means that usingpostMessage()for communication will not be possible.There is a somewhat more awkward communication method described on https://developer.mozilla.org/en/Code_snippets/Interaction_between_privileged_and_non-privileged_pages. It has the advantage that it can securely cross the security boundary.