Because it cannot access the contentWindow property on cross-domain iframe but in pure Firefox it will work. Here are bunch of codes isolating this problem:
- create 3 files on local server:
test.html
<SCRIPT language="JavaScript" SRC="http://localhost/postmsg.js"></SCRIPT>
<iframe src="http://127.0.0.1/iframe.htm" id="iframe"></iframe>
<div>Click anywhere on this page to see message from embedded iframe,
which do not need to be on the same domain</div>
iframe.html
<SCRIPT language="JavaScript" SRC="http://127.0.0.1/postmsg.js"></SCRIPT>
<div id="message"></div>
postmsg.js
// ==UserScript==
// @include *
// ==/UserScript==
alert('script loaded')
window.addEventListener('click',
function() {
frame = document.getElementsByTagName("iframe")[0]
cwindow = frame.contentWindow //here comes the error anything after this line won't execute in greasemonkey
alert("this won't show in greasemonkey");
cwindow.postMessage("hello, iframe!","*")
},
true);
window.addEventListener("message", function(e){
alert("message from iframe: main window was clicked! " +e.data);
document.getElementById('message').textContent += "message from iframe: main window was clicked!\n"
}, true);
this js file can work as standard included file html, then first comments are ignored, but after renaming extension to user.js can be installed in greasemonkey, and then stops working after line when contentWindow is called
notice that even if main and framed html are on the same server for js interpreter these files are on different domains because j开发者_运维技巧s interpreter doesn't know that localhost and 127.0.0.1 are identical
I've put "@include *" so you can check it on different websites, and it looks like this error only exists on cross domain iframes. If you go to translate.google.com, which has several iframes, but all ont the same domain, this script works as expected
Question is, what the hell cross domain security checking is doing on greasemonkey ? This contradicts this tool usage. A malicious website cannot install script, user must agree to that. I was stuck for long time on this because firebug wasn't indicating that the properties it is showing on cross domain iframe are actually not available on by the browser's js engine.
精彩评论