从firefox扩展中加载外部脚本
[英]Loading an external script from within firefox extension
问题描述
I am currently rewriting a firefox extension to be used only internally at my company. 
我目前正在重写一个firefox扩展,只能在公司内部使用。 I started out by moving most of the logic into an external js file loaded via a script tag within the xul overlay. 我首先将大多数逻辑移到通过xul覆盖内的脚本标签加载的外部js文件中。 (We've found it hard to get our employees to consistently upgrade so I thought I could get around that). (我们发现很难让我们的员工不断升级,所以我认为我可以解决这个问题)。 It worked fine like this: 像这样工作正常:
<overlay id="my-overlay"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
xmlns:html="http://www.w3.org/1999/xhtml">
<script type="application/x-javascript" src="https://my.company.com/path/to/jquery.min.js/>
<script type="application/x-javascript" src="https://my.company.com/path/to/toolbar/main.js"/>
<toolbox id="navigator-toolbox">
<!-- some stuff here -->
</toolbox>
But then I had the crazy idea of loading the script file dynamically so that I could use preferences to determine whether it would load from the production servers or alpha/beta servers. 但是后来我有了一个疯狂的想法,那就是动态加载脚本文件,以便可以使用首选项来确定是从生产服务器还是从alpha / beta服务器加载该文件。 And that's when I failed miserably. 那是我惨败的时候。
I've tried the following unsuccessfully: 我尝试了以下失败:
- $.ajax({ dataType: 'script', ... }) // appears to do absolutely nothing $ .ajax({dataType:'script',...})//似乎无能为力
- $('overlay').appendChild('', { src: ... }) // script tag is added but not executed $('overlay')。appendChild('',{src:...})//脚本标签已添加但未执行
- document.createElementNS, etc // script tag is is added but not executed document.createElementNS等, //已添加但未执行脚本标签
- Components.utils.import // does not accept http protocol Components.utils.import //不接受HTTP协议
- mozIJSSubScriptLoader // does not accept http protocol mozIJSSubScriptLoader //不接受http协议
I haven't attempted Components.utils.evalInSandbox but given its restrictions, I'm afraid it would require significant other code changes that would not be worth the slight simplification of the development cycle. 我没有尝试过Components.utils.evalInSandbox但是由于它的限制,我担心它需要对其他代码进行重大更改,这不值得稍微简化开发周期。
From reading thru much more mozilla documentation and bugs it appears that basically what I'm attempting to do is breaking various security concerns (I understand in principle but of course in my case, I have full control of both ends). 通过阅读更多的mozilla文档和错误,似乎我基本上正在尝试打破各种安全问题(我原则上理解,但当然,就我而言,我对两端都拥有完全控制权)。
The thing that bothers me is that it appears to work fine as long as I hard code the script tag but only fails once I try to dynamically generate it. 令我困扰的是,只要我对脚本标记进行硬编码,它似乎就可以正常工作,但是只有在尝试动态生成它时才会失败。 Should I just toss in the towel or does someone know a way to make this work? 我应该扔毛巾还是有人知道做这项工作的方法?
1 个解决方案
解决方案1
1 已采纳 2011-07-27 08:30:28
Have you tried the brute-force approach of reading in the file using XMLHttpRequest and then just calling eval() to run it? 您是否尝试过使用XMLHttpRequest读取文件然后仅调用eval()来运行文件的强力方法? On the face of it this seems scary from a security perspective but, as you say, using a script tag with an HTTP source URL is basically the same thing. 从表面上看,从安全角度看,这似乎很可怕,但是,正如您所说,将脚本标签与HTTP源URL一起使用基本上是同一回事。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.