load chrome image into page - Mozilla

This is a discussion on load chrome image into page - Mozilla ; the following code is to load a image from chrome package, and use the data url to overcome the security control of new FF version. var loader = { loadImage : function (url) { var data = this.loadBinaryResource(url); var ret ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: load chrome image into page

  1. load chrome image into page

    the following code is to load a image from chrome package, and use the
    data url to overcome the security control of new FF version.

    var loader = {

    loadImage : function (url) {
    var data = this.loadBinaryResource(url);
    var ret = "data:image/"+url.substr(url.lastIndexOf(".")
    +1)+";base64,";
    try {
    data = btoa(data);
    }catch (e){
    dump(e);
    }
    ret += data;
    return ret;
    },
    loadBinaryResource : function (url) {
    var req = new XMLHttpRequest();
    req.open('GET', url, false);
    req.overrideMimeType('text/plain; charset=x-user-defined');
    try {
    req.send(null);
    if (req.status != 200) return '';
    return req.responseText;
    }catch (e){
    dump(e);
    }
    return '';
    },
    };

    but I got 2 exceptions:

    1. when url is "chrome://..../.png" it failed. and throw exception. if
    the url is "http://...." it can get the resource.

    2. after the binary data loaded, while encoding into base64, another
    exception thrown.
    [Exception... "String contains an invalid character" code: "5"
    nsresult: "0x80530005 (NS_ERROR_DOM_INVALID_CHARACTER_ERR)"
    location: .....


    is there an perfect example to solve the problem?
    thanks.

  2. Re: load chrome image into page

    On Nov 19, 4:57*pm, Arivald wrote:
    > Chen Zhiyuan pisze:
    >
    > > the following code is to load a image from chrome package, and use the
    > > data url to overcome the security control of new FF version.

    >
    > [...]
    > > but I got 2 exceptions:

    >
    > > 1. when url is "chrome://..../.png" it failed. and throw exception. if
    > > the url is "http://...." it can get the resource.

    >
    > I think it is still security code working. It is good.
    >
    > In case if this code bypass security, FF staff will quickly mate patch
    > to fix this kind of information leaks.
    >
    > --
    > Arivald



    I found the solution from
    http://mgran.blogspot.com/2006/08/do...eams-with.html

    the responseText needs to be modified:

    var out = '';
    for(i=0;i out+=String.fromCharCode
    (req.responseText.charCodeAt(i) & 0xff);
    //out+=req.responseText.charCodeAt(i) & 0xff;
    }
    return out;

    then it works fine.

    But the chrome://..... resource can not be loaded, via this method.

    is there any work around ?

+ Reply to Thread