I want to be able to parse XML and expose the resulting document to a sandboxed
script. I do this by first by determining the principal corresponding to a
given URI:
var secMan = Services.scriptSecurityManager;
var uri = Services.io.newURI("http://www.example.com/";, "UTF-8", null);
var principal = secMan.getCodebasePrincipal(uri);
and then initializing a DOMParser and a sandbox with the resulting principal:
var dp = Components.classes["@mozilla.org/xmlextras/domparser;1"]
.createInstance(Components.interfaces.nsIDOMParser);
dp.init(principal, uri, uri);
var sandbox = new Components.utils.Sandbox(principal);
and finally parsing a document and passing it to a sandboxed function:
var doc = dp.parseFromString('<myxml/>', 'text/xml');
Components.utils.evalInSandbox(
'function fn(doc) { return doc.documentElement.tagName; }',
sandbox);
sandbox.fn(doc);
However, this last line yields:
Exception: Permission denied to access property 'documentElement'
Am I doing something wrong, or is this a bug?
Thanks,
Simon
_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform
