Firefox Addon SDK：将加载文件加载到iframe中 [英] Firefox Addon SDK: Loading addon file into iframe

问题描述

我想从我的Firefox插件中分别加载一个 resource：// 链接和一个本地文件到 iframe 在网页中。

原因在于，资源应该可视化地嵌入到网页中，而不是由于安全原因给予网站对其DOM的访问。 / p>

这个问题已经在过去不同的地方讨论过了，这里（没有解决方案）：
https://bugzilla.mozilla.org/show_bug.cgi?id= 792479

由于大部分帖子都比较陈旧，所以我想问一下，如果同时有新的解决方案或解决方法的话。

解决方案

我想我建议在错误或ML的jetpack一个可怕的解决方法，基本上是转换您的资源： url（使用 data.load 来加载HTML内容，然后编码和追加为前缀，所以类似的东西应该工作：

pre $ / * main.js * /
$ const {data} = require（'sdk / self'）;

//只是一个例子，你也可以使用`tab.attach`
require（'sdk / PageMod（{
include：'*'，
contentScriptFile：data.url（'content.js'），
contentScriptOptions：{
content：encodeURIComponent（data .load（'index.html'））
};
$ b / * content.js * /
let iframe = document.body.appendChild（document.createElement（'iframe'））;

iframe.setAttribute（'sandbox'，'allow-scripts'）;
//也许你还想使用无缝属性，请参阅：
// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe

iframe.contentWindow.location.href ='data：text / html; charset = utf-8，'+ self.options.content;


这是个解决方法，我希望你提到的错误很快就会被解决。
请注意，通过这种方式，您不能直接从iframe传递给父母的文档，但这也意味着您无法做到这一点，这就是您想要防止的。

当然，您仍然可以使用附加代码在iframe和父文档之间进行通信（您需要附加内容脚本并使用 port 和 postMessage ）。

编辑： ，否则从父文档中获取 src 属性仍然是可能的，并且包含整个HTML文件。

I want to load a resource:// link, respectively a local file from my Firefox addon into an iframe in a web page.

The reason is, that the resource should be visually embedded into the web page while not giving the website access to it's DOM for security reasons.

The issue has been discussed in various places in the past, e.g. here (without solution): https://bugzilla.mozilla.org/show_bug.cgi?id=792479

As most of the postings are rather old, I want to ask, if in the meantime there are any new solutions or workarounds.

解决方案

I think I suggested in the bug or in the ML of jetpack a terrible workaround, that basically is convert your resource:// in a data: url (using data.load to load the HTML content, and then encode and append as prefix, so something like that should works:

/* main.js */
const { data } = require('sdk/self');

// just an example, you can use `tab.attach` too
require('sdk/page-mod').PageMod({
  include: '*',
  contentScriptFile: data.url('content.js'),
  contentScriptOptions: {
    content: encodeURIComponent(data.load('index.html'))
  }
});

/* content.js */
let iframe = document.body.appendChild(document.createElement('iframe'));

iframe.setAttribute('sandbox', 'allow-scripts');
// maybe you want also use the seamless attribute, see:
// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe

iframe.contentWindow.location.href = 'data:text/html;charset=utf-8,' + self.options.content;

It's a workaround of course, and I hope that the bug you mentioned will be fixed soon. Notice that in this way you cannot communicate directly from the iframe to the parent's document, but it means also that you can't do the way around, that is what you want to prevent.

Of course, you can still use the add-on code to communicate between your iframe and the parent's document (you need to attach content scripts and use port and postMessage).

Edit: changed the way the url is set, otherwise getting the src attribute from the parent's document is still possible, and contains whole HTML.

这篇关于Firefox Addon SDK：将加载文件加载到iframe中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！