Extension Developers – Unbreaking News, Part 2

I love reporting “unbreaking news” and I have some report. I posted about a security change (bug 418356) to mozIJSSubScriptLoader that broke loading scripts from any non-chrome URI. An alternate fix has landed that allows file: and resource: URIs to be loaded by the subscript loader again.

Therefore, this will continue to work:

var obj = {};
var loader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
                       .getService(Components.interfaces.mozIJSSubScriptLoader);
loader.loadSubScript("file:///blah.js", obj);

Unfortunately, data: URIs are harder to secure and will not work with the subscript loader. Fortunately, there are workarounds for data: URIs – you can save the script to a file and use file: or you can use evalInSandbox to evaluate the script.

Thanks to Boris Zbarsky and Johnny Stenbeck for the more robust fix.

1 Comment

  1. JACK said,

    March 27, 2008 @ 8:49 am

    Hello Mark
    I am a student,now i am doing my thesis,I have embedding Mozilla in a MFC application by Mozilla activex control, in Mozilla, i will run XUL file, the topic require there is communication between XUL and MFC,like create a view in mfc that can catch and handle the events that happened in XUL, and can transport data from MFC to XUL, is it possible to do it by the mozilla control or do it in another way, really i have no idea how to do it,can you give me some hint about that, i will very appreicate about that

RSS feed for comments on this post