Open a new tab/window and write something to it?

Question

I'm using Execute JS to write and test Javascript code within Firefox. I want to open a new tab/window and write something to it and I tried

var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator);
var win = wm.getMostRecentWindow("navigator:browser");
printWindow = win.open("about:blank");
printWindow = wm.getMostRecentWindow("navigator:browser");
printWindow.gBrowser.selectedBrowser.contentDocument.write('hello');

And

myWindow=window.open('','','width=200,height=100')
myWindow.document.write("<p>This is 'myWindow'</p>")
myWindow.focus()

However I always get this error

[Exception... "The operation is insecure." code: "18" nsresult: "0x80530012 (SecurityError)"

Is there any way to get through this exception?

Answer 1

Top-level navigation to data URLs has been blocked in Chrome, Firefox (with some exceptions), IE, and Edge (and likely other browsers to boot). They are apparently commonly used for phishing attacks, and major browser vendors decided that the danger outweighed the value provided by legitimate use cases.

This Mozilla security blog post explains that Firefox will block

• Web page navigating to a new top-level data URL document using:
  • window.open("data:…");
  • window.location = "data:…"
  • clicking <a href="data:…"> (including ctrl+click, ‘open-link-in-*’, etc).
• Web page redirecting to a new top-level data URL document using:
  • 302 redirects to "data:…"
  • meta refresh to "data:…"
• External applications (e.g., ThunderBird) opening a data URL in the browser

but will not block

• User explicitly entering/pasting "data:…" into the address bar
• Opening all plain text data files
• Opening "data:image/*" in top-level window, unless it’s "data:image/svg+xml"
• Opening "data:application/pdf" and "data:application/json"
• Downloading a data: URL, e.g. ‘save-link-as’ of "data:…"

You can also read the proposal to deprecate and remove top-frame navigation to data URLs in Chrome and view the current Chrome status indicating that is has been removed.

As for how to actually open HTML in a new tab or window, this should be sufficient:

var tab = window.open('about:blank', '_blank'); tab.document.write(html); // where 'html' is a variable containing your HTML tab.document.close(); // to finish loading the page 

Note that at least in Chrome, external scripts injected via document.write might not be loaded on slower connections. That might not be relevant here, but something to watch out for.

Answer 2

Edit: As of 2018, this solution no longer works. So you are back to opening about:blank in a new window and adding content to it.

Don't "write" to the window, just open it with the contents you need:

var data = "<p>This is 'myWindow'</p>";
myWindow = window.open("data:text/html," + encodeURIComponent(data),
                       "_blank", "width=200,height=100");
myWindow.focus();

For reference: data URIs