On 4/16/15 4:30 AM, Frederik Braun wrote:
Running our code in someone else's origin sounds undesired indeed. Not
only because of CSP: What if someone puts this in a frame (or a popup)
and interacts with this JSON viewer?

So the way the XML viewer handles this is basically the following:

1) It leaves the original DOM unmodified (but _may_ style it display:none; I'd have to check).
2) It creates an anonymous DOM for the tree display.
3) It runs the script to manage that tree display in the XBL global, not the document global.
4) If someone modifies the original DOM, it kills off all its special stuff and just starts showing that original DOM.

This basically aimed for maximum compat, esp. since XML can go from "just XML" to "now there is some HTML here, which we should probably render". It does have the drawback of more memory usage for large XML files (original DOM and display DOM) and various other complexity.

Maybe we can build a JSON-specific handler in `view-source'?

How would the view-source load happen, exactly? Keep in mind, the desired workflow here is that user loads http://foo.net/something.json and we want to show the viewer... while continuing to show "http://foo.net/something.json" in the URL bar.

Avoiding doing this in a frame is easy if we want. Avoiding a popup is possible, if we want. It's a matter of what UX we actually want there, though...

WDYT? Maybe view-source could show colored HTML for _this_ content type
and prettified JSON for _that_ content type. AFAIR we even had something
like this for XML in the tree - didn't we?

The XML viewer does not use view-source.

-Boris

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
