1

我有一些与系统交互的特权 JavaScript 代码的无铬应用程序。现在我想将特权 JavaScript (jsctypes) 与托管在服务器中的应用程序混搭。远程应用程序将被加载到一个 iframe 中,chromeless 应用程序和远程应用程序之间的交互通过 html5 postMessage 发生。

父级确实将消息发布到包含的 Iframe 并被 iframe 成功接收,其中 e.origin 为“resource:\app”,而如果我尝试将 Iframe 中的消息发布到 window.parent 并使用域作为资源:\app 中的 onmessage 侦听器未调用父级

布局,

执行时, >chromeless examples\testapp\index.html 在 chromeless 构建文件夹中生成一个 xul 应用程序,如下所示。

+-----------------------------------无铬----+
| |
| --- MessageToIframeButton |
| |
| +-------------------------Iframe--+ |
| |消息接收来自:resource://app | |
| |(这是来自家长的消息)| |
| | | |
| | _TxtBox_sendMessage | |
| | | |
| | | |
| | | |
| +---------------------------------+ |
| 消息接收:|
| |
+-------------------------------------------------- +

iframe 内的 postMessage

  [Code]
 var sendMessage = function(){
      var iframe = window.parent;
      iframe.postMessage("test","resouce://app");  
   };

  [/Code]

父母的 onMessage ,

           var onmessage = function(e) {
               alert("message");
             }
           if(typeof window.addEventListener != 'undefined') {
               window.addEventListener('message', onmessage, false);
             }
          else if(typeof window.attachEvent != 'undefined') {
               window.attachEvent('onmessage', onmessage);
              }

任何帮助表示赞赏!

Palant,我尝试使用自定义事件实现跨域通信但无法成功,

在特权 index.html [Chromeless 示例\testapp\index.html] 中:

     var myExtension = {
            myListener: function(evt) {
            alert("Received from web page: " +
            evt.target.getAttribute("attribute1"));
        }
        }
document.addEventListener("MyExtensionEvent", function(e) {myExtension.myListener(e); }, false, true); // The last value is a Mozilla-specific value to indicate untrusted content is allowed to trigger the event.
    //content.addEventListener("MyExtensionEvent", function(e) {myExtension.myListener(e); }, false, true); //Also tried with content.

在远程应用程序 Iframe remote.html 中:单击按钮时,

    var element = document.createElement("MyExtensionDataElement");
element.setAttribute("attribute1", "foobar");
document.documentElement.appendChild(element);

var evt = document.createEvent("Events");
evt.initEvent("MyExtensionEvent", true, false);
element.dispatchEvent(evt);

触发的事件不会冒泡到特权父域。如果将 eventListener 添加到 iframe 本身,则会收到调度的事件,类似地,如果在特权上下文(index.html)中生成自定义事件,则父窗口会收到通知,但不跨层次结构。我错过了一些基本的东西吗?

4

1 回答 1

2

Given that you link to Prevent target="_top" from taking over UI in Mozilla Chromeless I guess that the frame you loaded the remote application into is a content frame (which it definitely should be). This means that a security boundary is established between your privileged code and the content, and in particular for the frame it looks like it is on the top level - it cannot access the privileged document (easy to check, add alert(window == window.parent) to the frame code). All this makes sense security-wise but it also means that using postMessage() for communication will not be possible.

https://developer.mozilla.org/en/Code_snippets/Interaction_between_privileged_and_non-privileged_pa ​​ges 上描述了一种更尴尬的通信方法。它的优点是可以安全地跨越安全边界。

于 2011-09-08T06:32:47.847 回答