Open a new tab/window and write something to it?

2019-01-07 22:48发布

站内问答 / JavaScript
1256 3 5

I'm using Execute JS to write and test Javascript code within Firefox. I want to open a new tab/window and write something to it and I tried

var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator);
var win = wm.getMostRecentWindow("navigator:browser");
printWindow = win.open("about:blank");
printWindow = wm.getMostRecentWindow("navigator:browser");
printWindow.gBrowser.selectedBrowser.contentDocument.write('hello');

And

myWindow=window.open('','','width=200,height=100')
myWindow.document.write("<p>This is 'myWindow'</p>")
myWindow.focus()

However I always get this error

[Exception... "The operation is insecure." code: "18" nsresult: "0x80530012 (SecurityError)"

Is there any way to get through this exception?

3条回答
祖国的老花朵
2楼-- · 2019-01-07 23:26

Top-level navigation to data URLs has been blocked in Chrome, Firefox (with some exceptions), IE, and Edge (and likely other browsers to boot). They are apparently commonly used for phishing attacks, and major browser vendors decided that the danger outweighed the value provided by legitimate use cases.

This Mozilla security blog post explains that Firefox will block

  • Web page navigating to a new top-level data URL document using:
    • window.open("data:…");
    • window.location = "data:…"
    • clicking <a href="data:…"> (including ctrl+click, ‘open-link-in-*’, etc).
  • Web page redirecting to a new top-level data URL document using:
    • 302 redirects to "data:…"
    • meta refresh to "data:…"
  • External applications (e.g., ThunderBird) opening a data URL in the browser

but will not block

  • User explicitly entering/pasting "data:…" into the address bar
  • Opening all plain text data files
  • Opening "data:image/*" in top-level window, unless it’s "data:image/svg+xml"
  • Opening "data:application/pdf" and "data:application/json"
  • Downloading a data: URL, e.g. ‘save-link-as’ of "data:…"

You can also read the proposal to deprecate and remove top-frame navigation to data URLs in Chrome and view the current Chrome status indicating that is has been removed.

As for how to actually open HTML in a new tab or window, this should be sufficient:

var tab = window.open('about:blank', '_blank');
tab.document.write(html); // where 'html' is a variable containing your HTML
tab.document.close(); // to finish loading the page

Note that at least in Chrome, external scripts injected via document.write might not be loaded on slower connections. That might not be relevant here, but something to watch out for.

查看更多
0人赞 添加讨论(0) 举报
Lonely孤独者°
3楼-- · 2019-01-07 23:28

Edit: As of 2018, this solution no longer works. So you are back to opening about:blank in a new window and adding content to it.

Don't "write" to the window, just open it with the contents you need:

var data = "<p>This is 'myWindow'</p>";
myWindow = window.open("data:text/html," + encodeURIComponent(data),
                       "_blank", "width=200,height=100");
myWindow.focus();

For reference: data URIs

查看更多
0人赞 添加讨论(0) 举报
一夜七次
4楼-- · 2019-01-07 23:28 
var winPrint = window.open('', '', 'left=0,top=0,width=800,height=600,toolbar=0,scrollbars=0,status=0');
winPrint.document.write('<title>Print  Report</title><br /><br /> 
Hellow World');
winPrint.document.close();

window.open(uri) does not work in chrome as of 2018

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)