Not able to parse xmlHttpRequest responseText in a firefox extension_问答_开发者

Not able to parse xmlHttpRequest responseText in a firefox extension

开发者 https://www.devze.com 2023-03-10 01:44 出处：网络

I am building a firefox extension and in the extension I am making a ajax request which returns me a responseText, now I want to parse the response开发者_Go百科Text in the js but I am not able to pars

Please note that if I run the same code on my webserver then it works perfectly. Below is the code

var myHTML = XHR.responseText;
var tempDiv = document.createElement('div');

tempDiv.innerHTML = myHTML;
tempDiv.childNodes;
tempDiv.getElementsByTagName('a'); // etc. etc.

If I use this code on my webserver then I am able to parse childNodes and retrieve their values but If I use this same code in my firefox extension then I am not able to access the childNodes even though I can see the responseText when I am using it in a firefox extension.

I am bit confused about this indifferent behavior of the same code, please help me out.

You better don't insert the HTML code you received from a remote server directly into your privileged document - that's a security vulnerability. Even if you control the server and you are absolutely sure that the server will never be hacked, the data could have been altered on the way. By using innerHTML you might run JavaScript code that has been sent along with the HTML code and that JavaScript code will execute with the privileges of your extensions (meaning that it can do almost anything).

You should create an <iframe> instead and make sure there is a security boundary between your document and that frame (type="content" does that). Something like this:

var myHTML = XHR.responseText;
var tempFrame = document.createElement("iframe");
tempFrame.setAttribute("type", "content");
tempFrame.setAttribute("src", "data:text/html;charset=utf-8," + encodeURIComponent());
document.documentElement.appendChild(tempFrame);
tempFrame.contentWindow.addEventListener("load", function()
{
    tempFrame.contentDocument.documentElement;
    tempFrame.contentDocument.getElementsByTagName('a');
    ...
    tempFrame.parentNode.removeChild(tempFrame);
}, false);

Things are of course easier if you have well-formed XML. Then parsing it is simply a matter of:

var doc = new DOMParser().parseFromString(XHR.responseText, "text/xml");
doc.documentElement;
doc.getElementsByTagName('a');

Edit: Things changed after I wrote this - as of Firefox 10 you can also use DOMParser() for HTML code that isn't well-formed. So if you merely need to extract some data from a piece of HTML code then you shouldn't use frames but rather parseFromString(..., "text/html").

The behavior of the innerHTML setter depends on what sort of document you're in. Firefox chrome is an XML document, so the myHTML string would be parsed as XML in the snippet above. In a web page you were probably writing HTML, not XML, and hence getting HTML parsing. Does your string happen to be OK HTML but not well-formed XML?