Can I access an extension from with a web pages javascript?
-
- Posts: 3
- Joined: November 25th, 2004, 9:37 am
Can I access an extension from with a web pages javascript?
Sorry if this has been asked many times before, but I'm trying to write an extension which I'd like to be accessable from a normal web page's javascript.
However, I can't find any way of doing this.
If anyone knows of any way that I can make normal javascript code call into my extension in any shape or form, please please let me know.
(Just a pointer to examples of this already being done would be nice....)
Thanks in advance
Simon
However, I can't find any way of doing this.
If anyone knows of any way that I can make normal javascript code call into my extension in any shape or form, please please let me know.
(Just a pointer to examples of this already being done would be nice....)
Thanks in advance
Simon
-
- Posts: 21
- Joined: August 12th, 2004, 7:17 am
- Contact:
A web site should never be able to access anything in the chrome (including extensions) for security reasons, but realtime communication via the DOM is theorhetically doable. One way to do it that would be to have your extension "listen" for a particular DOM element and use it as "socket". It would be the same concept as the old iframe rpc stuff without the need for http requests.
Edit:
A couple threads below this one, another, probably better method is talked about using an event as the socket.
http://forums.mozillazine.org/viewtopic.php?t=166342
Edit:
A couple threads below this one, another, probably better method is talked about using an event as the socket.
http://forums.mozillazine.org/viewtopic.php?t=166342
- jensb
- Posts: 544
- Joined: April 23rd, 2003, 12:42 pm
- Location: Germany
- Contact:
-
- Posts: 3
- Joined: November 25th, 2004, 9:37 am
thanks for the replies so far, and as asked for here's a more complete description of what I want to do...
History: I have an ActiveX control which I use regularly in my web pages. It allows certain programs to be run on the client according to some basic security settings, some of which are stored in the registry and some are hard coded. This, together with some clever stuff in the web server, allows me to launch various client server programs without forcing the user to log in each time - merely once, into the web site.
I have had lots of requests to support Firefox, which I admit is my browser of choice - I only use IE to access my applications.
Now, writing an extension that provides the same functionality as the ActiveX control is trivial.
However most of my site uses javascript in the web pages to control the control.
What I'd like to do is use similar code to control an extension.
The typical code I use to control the ActiveX control looks like...
> var launcher_installed = checkLauncher( launcher );
>
> if ( launcher_installed == 2 )
> {
> launcher.resetSwitches();
>
> launcher.addSwitch( 'application', application );
> launcher.addSwitch( 'host', 'localhost:80' );
>
> launcher.go( launcher_software, '' );
> }
Once again, thanks in advance for any help you can give...
Simon
History: I have an ActiveX control which I use regularly in my web pages. It allows certain programs to be run on the client according to some basic security settings, some of which are stored in the registry and some are hard coded. This, together with some clever stuff in the web server, allows me to launch various client server programs without forcing the user to log in each time - merely once, into the web site.
I have had lots of requests to support Firefox, which I admit is my browser of choice - I only use IE to access my applications.
Now, writing an extension that provides the same functionality as the ActiveX control is trivial.
However most of my site uses javascript in the web pages to control the control.
What I'd like to do is use similar code to control an extension.
The typical code I use to control the ActiveX control looks like...
> var launcher_installed = checkLauncher( launcher );
>
> if ( launcher_installed == 2 )
> {
> launcher.resetSwitches();
>
> launcher.addSwitch( 'application', application );
> launcher.addSwitch( 'host', 'localhost:80' );
>
> launcher.go( launcher_software, '' );
> }
Once again, thanks in advance for any help you can give...
Simon
- jensb
- Posts: 544
- Joined: April 23rd, 2003, 12:42 pm
- Location: Germany
- Contact:
An easy way to provide a one-way notification is using standard DOM calls for passing information via HTML element nodes and custom events. In your extension, write the following:
Update 2005-12-30: Firefox 1.0.5 added an optional fourth parameter indicating whether your chrome code wants to accept untrusted events (= synthesized by web content), see above. Details in Bug 289940. Thanks to asqueella for notifying me.
Then, in a web page, do the following:
This first creates an <MyExtensionDataElement> and inserts it into the web page's document tree, sets some attributes and then creates and dispatches a MyExtensionEvent (just like the "click" event you catch with "onclick" handlers). The event bubbles up from the web page and reaches the chrome (extension level), where your listener catches it, and reads some data from the DOM node where the event originated (the MyExtensionDataElement).
To "answer" to the web page, your extension could set an attribute (return code etc.) on the event target element.
Security Note 1: never, never invoke one of the web page's JavaScript functions from your extension - doing this would be a huge security leak, as the function would run with full privileges (just like the extension).
Security Note 2: If possible, have your extension ignore any events when the currently shown web page is not on your server...
Note 3: It might be a good idea to clean up the created element, or to create it once when the web page loads and then re-use it each time you send a "message" to the extension.
(If anyone feels like this approach should be on the knowledge base, feel free to adapt it and put it there.)
Code: Select all
function myListener(e) {
alert("data:" + e.target.getAttribute("application") + "/" + e.target.getAttribute("host"));
}
document.addEventListener("MyExtensionEvent", myListener, false, true);
Update 2005-12-30: Firefox 1.0.5 added an optional fourth parameter indicating whether your chrome code wants to accept untrusted events (= synthesized by web content), see above. Details in Bug 289940. Thanks to asqueella for notifying me.
Then, in a web page, do the following:
Code: Select all
if ("createEvent" in document)
{
var element = document.createElement("MyExtensionDataElement");
element.setAttribute("application", "fubar");
element.setAttribute("host", "localhost:80");
document.documentElement.appendChild(element);
var ev = document.createEvent("Events");
ev.initEvent("MyExtensionEvent", true, false);
element.dispatchEvent(ev);
}
This first creates an <MyExtensionDataElement> and inserts it into the web page's document tree, sets some attributes and then creates and dispatches a MyExtensionEvent (just like the "click" event you catch with "onclick" handlers). The event bubbles up from the web page and reaches the chrome (extension level), where your listener catches it, and reads some data from the DOM node where the event originated (the MyExtensionDataElement).
To "answer" to the web page, your extension could set an attribute (return code etc.) on the event target element.
Security Note 1: never, never invoke one of the web page's JavaScript functions from your extension - doing this would be a huge security leak, as the function would run with full privileges (just like the extension).
Security Note 2: If possible, have your extension ignore any events when the currently shown web page is not on your server...
Note 3: It might be a good idea to clean up the created element, or to create it once when the web page loads and then re-use it each time you send a "message" to the extension.
(If anyone feels like this approach should be on the knowledge base, feel free to adapt it and put it there.)
Last edited by jensb on December 29th, 2005, 4:15 pm, edited 1 time in total.
-
- Posts: 21
- Joined: August 12th, 2004, 7:17 am
- Contact:
-
- Posts: 3
- Joined: November 25th, 2004, 9:37 am
Thank you very much
Just to say thanks very much for the reply and the example code. It will definitely make my life much easier...
Simon
Simon
-
- Posts: 4019
- Joined: November 16th, 2003, 3:05 am
- Location: Russia, Moscow
Security Note 1: never, never invoke one of the web page's JavaScript functions from your extension - doing this would be a huge security leak, as the function would run with full privileges (just like the extension).
Well, not with full privileges, but it's still not recommended and xpcnativewrappers don't let you do that in the more recent versions of Fx.
-
- Posts: 2
- Joined: July 6th, 2007, 12:21 pm
Using DOM events and an HTML element only allows you to pass static data across from the extension to the web page. However, what do you do if you want to pass a JS object across to the web page? You can create your own XPCOM object in the extension but, to access it from the web page you would still need UniversalXPCOM access. Not sure how you can get that privilge for your application only?
-
- Posts: 0
- Joined: December 31st, 1969, 5:00 pm
-
- Posts: 2
- Joined: July 6th, 2007, 12:21 pm
I believe that doesn't work. If it did it would be a security risk, as you would be able to pass any object created in the extension which has full security privileges to a web page script (i.e. an untrusted source).Michael Buckley wrote:Well you would put the js object as an object on the element ashishnm
aElement.object = javaScriptObject;
-
- Posts: 0
- Joined: December 31st, 1969, 5:00 pm
-
- Posts: 7
- Joined: February 5th, 2009, 9:27 pm
Re: Can I access an extension from with a web pages javascript?
many thanks to jensb for the post.. it was really helpful!! :)
-
- Posts: 1
- Joined: December 18th, 2009, 9:38 am
Re: Can I access an extension from with a web pages javascript?
I followed the guide based on this thread https://developer.mozilla.org/en/Code_s ... eged_pages
I works fine.
Now I am trying to follow the recommandation of second security note.
But testing event.target.ownerDocument.location won't work in my case.
I would like to encrypt the attribute content before communicating it to my extension, and then decrypt it in the extension.
Can someone help me on encryption/decrytion using XPCOM or javascript...?
I works fine.
Now I am trying to follow the recommandation of second security note.
But testing event.target.ownerDocument.location won't work in my case.
I would like to encrypt the attribute content before communicating it to my extension, and then decrypt it in the extension.
Can someone help me on encryption/decrytion using XPCOM or javascript...?