Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Unable to write into new window #1534

Closed
Synchro opened this Issue · 2 comments

3 participants

@Synchro

This appears to be the same problem as #1352, however I'm running Firefox 11.0 with GM 0.9.18. Here a minimal test case:

// ==UserScript==
// @name           Open Window
// @namespace      MarcusB
// ==/UserScript==

GM_registerMenuCommand('Open Window', openWindow);

function openWindow(e) {
    w = window.open('', 'My Window', 'height=400,width=500');
    w.document.open('text/plain');
    w.document.write('hello');
    w.document.close();
}

Initially this gets intercepted by the FF popup blocker, but if it's then allowed and the page refreshed, the window opens, but its contents is blank, showing 'about:blank' in the address bar.

Because it's run from a GM_registerMenuCommand entry, it's happening long after the page has loaded, and it's not writing anything back to the page or doing big DOM ops.

If I run the same code from the firebug console (on the same host page, but not in a GM context), it works:

w = window.open('', 'CSV', 'height=400,width=500');w.document.open('text/plain');w.document.write('hello');w.document.close();

I've tried other MIME types, writing into the window on other ways, but it stays blank. The same code works fine in FF outside of GM, so I can only conclude it's a GM problem - or have I missed something?

@arantius
Collaborator

I don't think we can directly fix this. http://wiki.greasespot.net/Location_hack should help you work around it though.

@arantius arantius closed this
@deant

@Arantius, the location hack can't really fix this problem: It's too insecure.

A gearmonkey script needs the ability to create a dynamic page (for example for storing settings particular to that GM script) that can't be interfered with or read by (potentially hostile) page scripts.

(For example, consider a GM script that maintains a list of "blacklisted" users who's posts are automatically hidden on a blogging or messaging site; you'd need a secure page to manage that list).

I'm going to start a new issue about this.

@arantius arantius added this to the Pony milestone
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.