tags:

views:

42

answers:

0
+1  Q: 

postMessage doesn't work in GreaseMonkey because it cannot acces contentWindow property on cross-domain iframe but in pure Firefox it will work

here are bunch of codes isolating this problem:

  1. create 3 files on local server:

test.html

<SCRIPT language="JavaScript" SRC="http://localhost/postmsg.js"&gt;&lt;/SCRIPT&gt;
<iframe src="http://127.0.0.1/iframe.htm" id="iframe"></iframe>
<div>Click anywhere on this page to see message from embedded iframe,
which do not need to be on the same domain</div>

iframe.html

<SCRIPT language="JavaScript" SRC="http://127.0.0.1/postmsg.js"&gt;&lt;/SCRIPT&gt;
<div id="message"></div>

postmsg.js

// ==UserScript==
// @include       *
// ==/UserScript==

alert('script loaded')
window.addEventListener('click', 
    function() {
        frame = document.getElementsByTagName("iframe")[0]
        cwindow = frame.contentWindow //here comes the error anything after this line won't execute in greasemonkey
        alert("this won't show in greasemonkey");
        cwindow.postMessage("hello, iframe!","*")
    },
true);

window.addEventListener("message", function(e){
        alert("message from iframe: main window was clicked!  " +e.data);
        document.getElementById('message').textContent += "message from iframe: main window was clicked!\n"
}, true);

this js file can work as standard included file html, then first comments are ignored, but after renaming extension to user.js can be installed in greasemonkey, and then stops working after line when contentWindow is called

notice that even if main and framed html are on the same server for js interpreter these files are on different domains because js interpreter doesn't know that localhost and 127.0.0.1 are identical

I've put "@include *" so you can check it on different websites, and it looks like this error only exists on cross domain iframes. If you go to translate.google.com, which has several iframes, but all ont the same domain, this script works as expected

Question is, what the hell cross domain security checking is doing on greasemonkey ? This contradicts this tool usage. A malicious website cannot install script, user must agree to that. I was stuck for long time on this because firebug wasn't indicating that the properties it is showing on cross domain iframe are actually not available on by the browser's js engine.

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript