Doesn't seem to work with NoScript :(

Issue #7 new
m c
created an issue

Is there any chance you could make it work when the NoScript extension is installed and enabled? or is it maybe possible to enable it by changing some option in NoScript?



Comments (1)

  1. m c reporter

    I reported this on NoScript forum too, and the discussion went as follows:

    Does anything appear in the Browser Console (Ctrl+Shift+J)?

    Just this:

    : Component returned failure code: 0x805e0007 [nsIWebNavigation.loadURIWithOptions] browser.xml:154:0

    OK I've disassembled Markdown Editor, and I think I see what's going on. The preview is done by dynamically loading data: URIs:

           var conv = new Showdown.converter(),
               wn = Components.interfaces.nsIWebNavigation;
           var html = conv.makeHtml(textbox.value);
           var data = "data:text/html;charset=utf-8," + escape(html);
           //browser.loadURI(data, wn.LOAD_FLAGS_DISALLOW_INHERIT_OWNER, "utf-8");
           browser.loadURIWithFlags(data, wn.LOAD_FLAGS_DISALLOW_INHERIT_OWNER, null, "utf-8", null);

    IIUC whats going on, it's that "LOAD_FLAGS_DISALLOW_INHERIT_OWNER" is causing the data: URIs to lose origin info, and NoScript completely blocks data: URIs that aren't originate from a trusted source.

    No idea what's best to do about this, here are some possibilities:

    • Markdown Editor's code is unfinished some places and suboptimal others (is it REALLY needed to validate URLs with a hairy regexp that ignores schemes other than http/https/ftp? Is there nothing directly provided by Gecko that can validate a URL?). Anyway.. Markdown Editor could change its approach, for example set innerHTML property instead.
    • Can Markdown Editor be run as a standalone application via XULRunner? Or run it in its own profile? (Or is functionality lost that way?)

    Can this possibly help you make it work with NoScript?

  2. Log in to comment