Open
Bug 787086
Opened 12 years ago
Updated 2 years ago
Lower Editor iframe privileges
Categories
(DevTools :: Source Editor, defect, P3)
DevTools
Source Editor
Tracking
(Not tracked)
NEW
People
(Reporter: msucan, Unassigned)
Details
Once bug 759351 lands we might be able to lower the privileges we give to the Orion iframe. We need to check if this is possible.
Comment 1•12 years ago
|
||
Any progress on this one? It's blocking Firebug to adopt Orion editor. Honza
Comment 2•12 years ago
|
||
Mihai, when you get a chance can you explain the specific problems with the current orion codebase that prevent this change now?
Reporter | ||
Comment 3•12 years ago
|
||
Good question. IIRC, Orion currently does create an empty iframe that it tries to document.write() into, and it uses XHR to load the stylesheet from a chrome:// URL (in our codebase). Orion's approach forced us into giving the parent iframe chrome privileges. With content-only privileges Orion failed to initialize. That was valid when we first integrated Orion, but I can try and see if simply lowering privileges works with the current Orion we use - maybe I missed some changes that would allow us to do the change right now.
Reporter | ||
Comment 4•12 years ago
|
||
Just tested: Orion fails to initialize if I add iframe.setAttribute("type", "content"). Unfortunately, it's not trivial to fix Orion to work in this case.
Comment 5•12 years ago
|
||
I'm curious what version of the Orion Editor you guys are using? The current release and the one previous haven't been using IFrames, document.write, or xhr to load stylesheets (although of course you can if you like). I'm trying to understand if this is a genuine problem in the Orion Editor or just a problem with the current snapshot being used. If there is a problem preventing you from upgrading to the current release let me know.
Comment 6•12 years ago
|
||
Orion version: git clone from 2012-01-26 commit hash 1d1150131dacecc9f4d9eb3cdda9103ea1819045 + patch for Eclipse Bug 370584 - [Firefox] Edit menu items in context menus http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=137d5a8e9bbc0fa204caae74ebd25a7d9d4729bd see https://bugs.eclipse.org/bugs/show_bug.cgi?id=370584 + patches for Eclipse Bug 370606 - Problems with UndoStack and deletions at the beginning of the document http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=cec71bddaf32251c34d3728df5da13c130d14f33 http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=3ce24b94f1d8103b16b9cf16f2f50a6302d43b18 http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=27177e9a3dc70c20b4877e3eab3adfff1d56e342 see https://bugs.eclipse.org/bugs/show_bug.cgi?id=370606 + patch for Mozilla Bug 730532 - remove CSS2Properties aliases for MozOpacity and MozOutline* see https://bugzilla.mozilla.org/show_bug.cgi?id=730532#c3 // content from the README file in Orion folder
Reporter | ||
Comment 7•12 years ago
|
||
(In reply to simon.kaegi from comment #5) > I'm curious what version of the Orion Editor you guys are using? > > The current release and the one previous haven't been using IFrames, > document.write, or xhr to load stylesheets (although of course you can if > you like). I'm trying to understand if this is a genuine problem in the > Orion Editor or just a problem with the current snapshot being used. > > If there is a problem preventing you from upgrading to the current release > let me know. Thank you Simon! We just need to get around to update Orion to the latest version. We will do this soon.
Comment 8•11 years ago
|
||
I'm wondering if this is also an issue with CodeMirror?
Summary: Lower Orion iframe privileges → Lower Editor iframe privileges
Comment 9•10 years ago
|
||
I'm updating Stylish to open its editor in a tab. I get "SecurityError: The operation is insecure." if I do this with Orion, but no problems with CodeMirror. So I'd say no, not an issue any more.
Updated•6 years ago
|
Product: Firefox → DevTools
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•