Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

XSLT in Chrome extension: Unsafe attempt to load URL

I'm writing a Chrome extension which should apply XSLT transform to certain XML documents on the fly. Just for testing I use the following XML and XSL files:

XML:

<?xml version="1.0" encoding="utf-8" ?>
<WebServiceMessage>
 <status>timeout</status>
 <message>Nameserver%2520not%2520registered.</message>
 <stepName>Finish</stepName>
 <stepNumber>11</stepNumber>
 <maxStepNumber>11</maxStepNumber>
 <percent>100</percent>
 <session>2fc0f139b88a800151e5f21b9d747919</session>
</WebServiceMessage>

XSL:

<?xml version="1.0" ?>
<xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <html><head></head>
    <body>
      <xsl:apply-templates/>
    </body>
    </html>
  </xsl:template>
  <xsl:template match="*">
    <xsl:for-each select="*">
      <p><b><xsl:value-of select ="name(.)"/></b>:
      <span><xsl:attribute name="id"><xsl:value-of select ="name(.)"/></xsl:attribute><xsl:value-of select="."/></span></p>
    </xsl:for-each>
  </xsl:template>
</xsl:stylesheet>

The tranfromation works normally if it's linked inside a test XML file itself, that is via:

<?xml-stylesheet type="text/xsl" href="message.xsl"?>

The extension should inject the same xsl link into XML-files.

manifest.json:

{
  "permissions": ["tabs", "<all_urls>"],
  "content_scripts":
  [
    {
      "matches": ["<all_urls>"],
      "js" : ["contentscript.js"]
    }
  ],
  "web_accessible_resources":
  [
    "message.xsl"
  ],
  "manifest_version": 2
}

contentscript.js:

(function()
{
  if(document.xmlVersion != null)
  {
     var e = document.createProcessingInstruction(
               "xml-stylesheet",
               "type='text/xsl' href='" + chrome.extension.getURL("message.xsl") + "'");
     document.insertBefore(e, document.firstChild);
  }
})();

The problem

Chrome outputs the following error into console:

Unsafe attempt to load URL chrome-extension://ladfinoepkgipbeooknnklpakoknohjh/message.xsl from frame with URL http://localhost/out.xml. Domains, protocols and ports must match.

How to fix this? I saw some reports on the Internet related to similar errors, which seems like a bug in Chrome.

I placed the xsl-file on the web-server as well, and changed styleheet link to the web-server. Still the same error:

Unsafe attempt to load URL http://localhost/message.xsl from frame with URL http://localhost/out.xml. Domains, protocols and ports must match.

Apparently domains, protocols, and ports do match.

like image 609
Stan Avatar asked Nov 12 '22 13:11

Stan


1 Answers

Here is a workaround I'm currently using:

function loadXMLtext(url)
{
  xhttp = new XMLHttpRequest();
  xhttp.open("GET", url, false);
  xhttp.send();
  if(xhttp.responseXML == undefined) throw "XHR failed for " + url;
  return xhttp.responseXML;
}

function transformxml()
{
  var xml = loadXMLtext(document.location.href);
  var xsl = loadXMLtext(chrome.extension.getURL("message.xsl"));

  var xsltPrs = new XSLTProcessor();
  xsltPrs.importStylesheet(xsl);

  var result = xsltPrs.transformToFragment(xml, document);

  var xmlsrv = new XMLSerializer();
  var plaintext = xmlsrv.serializeToString(result);
  document.documentElement.innerHTML = plaintext;
}

transformxml();
like image 157
Stan Avatar answered Nov 15 '22 06:11

Stan