Error: Not allowed to define cross-origin object as property on [Object] or [Array] XrayWrapper
Error: Not allowed to define cross-origin object as property on [Object] or [Array] XrayWrapper
如何避免以下错误以及为什么会出现此错误?
编辑:也许我不得不问如何使特权范围内的对象对特权较低的范围可见。
我的目标是 export/return 为页面脚本动态创建对象作为先前 cloned/injected 函数的 return 值。
manifest.json
{
"manifest_version": 2,
"name": "foo",
"version": "1.0.0",
"description": "Does something",
"content_scripts": [
{
"matches": ["<all_urls>"],
"js": ["content-script.js"]
}
]
}
内容-script.js
function foo (obj) {
obj.x = {"xxx": 444};
}
window.wrappedJSObject.foo = exportFunction(foo, window);
页面脚本(可插入网络控制台)
foo({"sss": 333})
// Error: Not allowed to define cross-origin object as property on [Object] or [Array] XrayWrapper
在 brwoser 控制台的更深处,我得到了这个:
"ObjectActor.prototype.grip previewer function threw an exception: Error: Permission denied to access object
Stack: PseudoArray@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/object.js:1797:16
ObjectActor.prototype.grip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/object.js:131:15
WCA_objectGrip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:483:12
createValueGrip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/object.js:2187:14
WCA_createValueGrip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:429:12
WCA_onEvaluateJS@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:900:21
WCA_onEvaluateJSAsync@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:857:20
onPacket@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/main.js:1743:15
ChildDebuggerTransport.prototype.receiveMessage@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/transport/transport.js:761:7
Line: 0, column: 0"
我认为我没有完全理解 XRay 行为,所以由于安全机制,我不确定这是否可能。
试图解释如何 Xray vision work in detail is not within my ability, but the problem here should be that you are creating {"xxx": 444} in a script context with other permission than the page script that is trying to access x. This means the page script won't be allowed to access this data. The solution is to create the object within the page context, this can be done with cloneInto。
content-script.js
function foo (obj) {
obj.x = cloneInto({"xxx": 444}, obj);
}
window.wrappedJSObject.foo = exportFunction(foo, window);
如何避免以下错误以及为什么会出现此错误?
编辑:也许我不得不问如何使特权范围内的对象对特权较低的范围可见。
我的目标是 export/return 为页面脚本动态创建对象作为先前 cloned/injected 函数的 return 值。
manifest.json
{
"manifest_version": 2,
"name": "foo",
"version": "1.0.0",
"description": "Does something",
"content_scripts": [
{
"matches": ["<all_urls>"],
"js": ["content-script.js"]
}
]
}
内容-script.js
function foo (obj) {
obj.x = {"xxx": 444};
}
window.wrappedJSObject.foo = exportFunction(foo, window);
页面脚本(可插入网络控制台)
foo({"sss": 333})
// Error: Not allowed to define cross-origin object as property on [Object] or [Array] XrayWrapper
在 brwoser 控制台的更深处,我得到了这个:
"ObjectActor.prototype.grip previewer function threw an exception: Error: Permission denied to access object
Stack: PseudoArray@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/object.js:1797:16
ObjectActor.prototype.grip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/object.js:131:15
WCA_objectGrip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:483:12
createValueGrip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/object.js:2187:14
WCA_createValueGrip@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:429:12
WCA_onEvaluateJS@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:900:21
WCA_onEvaluateJSAsync@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/webconsole.js:857:20
onPacket@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/main.js:1743:15
ChildDebuggerTransport.prototype.receiveMessage@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/transport/transport.js:761:7
Line: 0, column: 0"
我认为我没有完全理解 XRay 行为,所以由于安全机制,我不确定这是否可能。
试图解释如何 Xray vision work in detail is not within my ability, but the problem here should be that you are creating {"xxx": 444} in a script context with other permission than the page script that is trying to access x. This means the page script won't be allowed to access this data. The solution is to create the object within the page context, this can be done with cloneInto。
content-script.js
function foo (obj) {
obj.x = cloneInto({"xxx": 444}, obj);
}
window.wrappedJSObject.foo = exportFunction(foo, window);