在xul中设置innerHTML
我在 browser.xul 代码中,我正在尝试从 html 文件中获取数据并将其插入到我的 div 元素中。
我正在尝试使用 div.innerHTML 但出现异常:
组件返回失败代码:0x804e03f7 [nsIDOMNSHTMLElement.innerHTML]
我尝试使用 Components.interfaces.nsIScriptableUnescapeHTML 解析 HTML 并将解析后的 html 附加到我的 div 中,但我的问题是样式(属性和标签)和脚本未解析。
I have in my browser.xul code,what I am tyring to is to fetch data from an html file and to insert it into my div element.
I am trying to use div.innerHTML but I am getting an exception:
Component returned failure code: 0x804e03f7
[nsIDOMNSHTMLElement.innerHTML]
I tried to parse the HTML using Components.interfaces.nsIScriptableUnescapeHTML and to append the parsed html into my div but my problem is that style(attribute and tag) and script isn`t parsed.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
首先警告:如果您的 HTML 数据来自网络,那么您正在尝试在您的扩展中构建安全漏洞。来自网络的 HTML 代码永远不应该被信任(即使来自您自己的网络服务器并通过 HTTPS),您应该真正使用
nsIScriptableUnescapeHTML。样式应该是您的扩展的一部分,使用网络上的样式并不安全。有关更多信息:https://developer.mozilla.org/En/Displaying_web_content_in_an_extension_without_security_issues至于您的问题,这个错误代码是 NS_ERROR_HTMLPARSER_STOPPARSING 这似乎意味着解析错误。我猜想您正在尝试向其提供常规 HTML 代码而不是 XHTML(这将是 XML 兼容的)。无论哪种方式,解析 XHTML 代码的更好方法是
DOMParser,这将为您提供一个文档,然后您可以将其插入到正确的位置。如果真正的目的是解析 HTML 代码(而不是 XHTML),那么您有两个选择。一种是使用
元素并在其中显示数据。您可以从 HTML 数据生成data:URL:如果您不想在框架中显示数据,您仍然需要一个加载了 HTML 文档的框架(可以隐藏)(可以是
about:blank)。然后使用Range.createContextualFragment()进行解析你的 HTML 字符串:First a warning: if your HTML data comes from the web then you are trying to build a security hole into your extension. HTML code from the web should never be trusted (even when coming from your own web server and via HTTPS) and you should really use
nsIScriptableUnescapeHTML. Styles should be part of your extension, using styles from the web isn't safe. For more information: https://developer.mozilla.org/En/Displaying_web_content_in_an_extension_without_security_issuesAs to your problem, this error code is NS_ERROR_HTMLPARSER_STOPPARSING which seems to mean a parsing error. I guess that you are trying to feed it regular HTML code rather than XHTML (which would be XML-compliant). Either way, a better way to parse XHTML code would be
DOMParser, this gives you a document that you can then insert into the right place.If the point is really to parse HTML code (not XHTML) then you have two options. One is using an
<iframe>element and displaying your data there. You can generate adata:URL from your HTML data:If you don't want to display the data in a frame you will still need a frame (can be hidden) that has an HTML document loaded (can be
about:blank). You then useRange.createContextualFragment()to parse your HTML string:XML 文档没有
innerHTML,而nsIScriptableUnescapeHTML是解析 html 的一种方法,但它是为 HTML 可能不安全的情况而设计的;正如您所发现的,它会丢弃脚本节点(以及其他一些东西)。然而,还有一些替代方案。您可以使用
responseXML属性,尽管除非您接收 XHTML 内容,否则这可能不是最佳选择。您还可以使用 iframe。这可能看起来很过时,但 iframe 的工作是获取 url(
src属性)并渲染它接收到的内容,这必然意味着解析它并构建 DOM。一般来说,当作为 chrome 运行的扩展执行此操作时,必须注意不要向远程内容授予相同的 chrome 权限。幸运的是,这很容易管理;只需将type="content"放在 iframe 上即可。然而,由于您希望将 DOM 批量导入到您的 XUL 文档中,因此您必须已经确保此远程内容始终是安全的。显然,您使用的是 HTTPS 连接,并且您非常小心地通过确保服务器发送正确的证书来验证服务器的身份。您还验证了服务器没有被黑客攻击并且没有传递恶意内容。XML documents don't have
innerHTML, andnsIScriptableUnescapeHTMLis one way to get the html parsed but it's designed for uses where the HTML might not be safe; as you've found out it throws away the script nodes (and a few other things).There are a couple of alternatives, however. You can use the
responseXMLproperty, although this may be suboptimal unless you're receiving XHTML content.You could also use an iframe. It may seem old-fashioned, but an iframe's job is to take a url (the
srcproperty) and render the content it receives, which necessarily means parsing it and building a DOM. In general, when an extension running as chrome does this, it will have to take care not to give the remote content the same chrome privilages. Luckily that's easily managed; just puttype="content"on the iframe. However, since you're looking to import the DOM into your XUL document wholesale, you must have already ensured that this remote content will always be safe. You're evidently using an HTTPS connection, and you've taken extra care to verify the identity of the server by making sure it sends the right certificate. You've also verified that the server hasn't been hacked and isn't delivering malicious content.