Iframe cross domain communication and chromeless domain

Posted 2024-12-03 12:02:37 | Words: 3041 | Views: 1 | Comments: 0

I have a chromeless application with some privileged JavaScript code interacting with the system. Now I want to mash up the privileged JavaScript (jsctypes) with an application hosted on the server. The remote application will be loaded in an Iframe, and the interaction between the chromeless application and the remote application happens through HTML5 postMessage.

The parent does post a message to the contained Iframe, and it is successfully received by the Iframe with e.origin as "resource:\app", whereas if I try to postMessage from the Iframe to window.parent with the domain as resource:\app, the onmessage listener in the parent is not invoked.

The layout:

On executing >chromeless examples\testapp\index.html, a XUL application is generated in the chromeless build folder and the following is shown.

+-----------------------------------Chromeless----+
|                                                 |
|   --- MessageToIframeButton                     |
|                                                 |
|  +--------------------------Iframe--+           |
|  |Msg Recvd from: resource://app    |           |
|  |(this is the message from parent) |           |
|  |                                  |           |
|  |   _TxtBox_sendMessage            |           |
|  |                                  |           |
|  |                                  |           |
|  |                                  |           |
|  +----------------------------------+           |
|  Msg Recvd:                                     |
|                                                 |
+-------------------------------------------------+

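postMessage inside Iframe:

    var sendMessage = function () {
        // Runs in the iframe: the target is the containing (parent) window.
        var parentWindow = window.parent;
        // Second argument is the targetOrigin the receiver must match.
        parentWindow.postMessage("test", "resource://app");
    };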

onMessage of Parent:

    // Parent (privileged index.html): listen for messages from the iframe.
    var onmessage = function (e) {
        alert("message");
    };
    if (typeof window.addEventListener != 'undefined') {
        window.addEventListener('message', onmessage, false);
    } else if (typeof window.attachEvent != 'undefined') {
        // Fallback for engines that only expose attachEvent.
        window.attachEvent('onmessage', onmessage);
    }

Any Help appreciated!

Palant, I tried to implement the cross-domain communication using custom events but could not succeed.

In the privileged index.html [Chromeless examples\testapp\index.html]:

    var myExtension = {
        myListener: function (evt) {
            alert("Received from web page: " +
                  evt.target.getAttribute("attribute1"));
        }
    };
    // The last value is a Mozilla-specific value to indicate untrusted content is allowed to trigger the event.
    document.addEventListener("MyExtensionEvent", function (e) { myExtension.myListener(e); }, false, true);
    // Also tried with content:
    // content.addEventListener("MyExtensionEvent", function (e) { myExtension.myListener(e); }, false, true);

In the remote app Iframe remote.html, on click of a button:

    var element = document.createElement("MyExtensionDataElement");
    element.setAttribute("attribute1", "foobar");
    document.documentElement.appendChild(element);

    var evt = document.createEvent("Events");
    evt.initEvent("MyExtensionEvent", true, false);
    element.dispatchEvent(evt);

The triggered event does not bubble to the privileged parent domain. If an eventListener is added to the Iframe itself, the dispatched event is received, and similarly, if the custom event is generated in the privileged context (index.html), then the parent window does receive a notification, but not across the hierarchy. Am I missing something basic?

Comments (1)

红玫瑰 2024-12-10 12:02:37

Given that you link to Prevent target="_top" from taking over UI in Mozilla Chromeless I guess that the frame you loaded the remote application into is a content frame (which it definitely should be). This means that a security boundary is established between your privileged code and the content, and in particular for the frame it looks like it is on the top level - it cannot access the privileged document (easy to check, add alert(window == window.parent) to the frame code). All this makes sense security-wise but it also means that using postMessage() for communication will not be possible.

There is a somewhat more awkward communication method described on https://developer.mozilla.org/en/Code_snippets/Interaction_between_privileged_and_non-privileged_pages. It has the advantage that it can securely cross the security boundary.
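
For the custom-event channel the answer points to, here is an added example (not code from the original post or from the linked MDN page) of the checks a privileged listener can apply before anything from the content frame reaches jsctypes-backed code. The allowed origin, the command names and the JSON payload carried in attribute1 are assumptions, and the mock event stands in for the DOM event so the logic runs outside the browser.

```javascript
// Added example: checks for a privileged listener receiving a custom event
// from untrusted content. Origin, command names and payload shape are assumed.
const ALLOWED_ORIGINS = new Set(["https://remote.example"]); // placeholder
const ALLOWED_COMMANDS = new Set(["getVersion", "openDialog"]); // hypothetical
const MAX_PAYLOAD = 1024;

// Returns {ok: true, command, args} or {ok: false, reason}.
function vetContentEvent(evt) {
  const target = evt && evt.target;
  const doc = target && target.ownerDocument;
  if (!doc || !doc.location) return { ok: false, reason: "no-document" };

  // Take the origin from the dispatching document, never from the payload.
  let origin;
  try {
    origin = new URL(String(doc.location.href)).origin;
  } catch (e) {
    return { ok: false, reason: "bad-location" };
  }
  if (!ALLOWED_ORIGINS.has(origin)) return { ok: false, reason: "origin" };

  // Attribute data is untrusted text: bound its size, then parse strictly.
  const raw = target.getAttribute("attribute1");
  if (typeof raw !== "string" || raw.length > MAX_PAYLOAD) {
    return { ok: false, reason: "payload" };
  }
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (e) {
    return { ok: false, reason: "json" };
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return { ok: false, reason: "shape" };
  }
  if (typeof msg.command !== "string" || !ALLOWED_COMMANDS.has(msg.command)) {
    return { ok: false, reason: "command" };
  }
  const args = Array.isArray(msg.args)
    ? msg.args.filter((a) => typeof a === "string")
    : [];
  return { ok: true, command: msg.command, args };
}

// Constructed stand-in for the element that content dispatches the event on.
function fakeEvent(href, attr) {
  const getAttribute = (name) => (name === "attribute1" ? attr : null);
  return { target: { ownerDocument: { location: { href } }, getAttribute } };
}
```

In the listener, only a result with ok set to true would be dispatched to a fixed handler per command; everything else is dropped without touching privileged APIs.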
