Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can I make iframe create with bootstrap extension load dtds properly? #45

Closed
117649 opened this issue Aug 3, 2020 · 0 comments
Closed

How can I make iframe create with bootstrap extension load dtds properly? #45

117649 opened this issue Aug 3, 2020 · 0 comments

Comments

@117649
Copy link

117649 commented Aug 3, 2020

Could I elevate the privilege of an iframe so it can load dtds to its src?
Just like this function did with the XMLHttpRequest()?

  fetchOverlay(srcUrl) {
    if (!srcUrl.startsWith("chrome://") && !srcUrl.startsWith("resource://")) {
      throw new Error(
        "May only load overlays from chrome:// or resource:// uris"
      );
    }

    let xhr = new this.window.XMLHttpRequest();
    xhr.overrideMimeType("application/xml");
    xhr.open("GET", srcUrl, false);

    // Elevate the request, so DTDs will work. Should not be a security issue since we
    // only load chrome, resource and file URLs, and that is our privileged chrome package.
    try {
      xhr.channel.owner = Services.scriptSecurityManager.getSystemPrincipal();
    } catch (ex) {
      oconsole.error(
        "Failed to set system principal while fetching overlay " + srcUrl
      );
      xhr.close();
      throw new Error("Failed to set system principal");
    }

    xhr.send(null);
    return xhr;
  }
@117649 117649 closed this as completed Aug 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@117649