- Background:
A basic idea in browser security is the same-origin policy (discussion here), which protects web sites from one another. For example, the same-origin policy stops a news site from reading the contents of your Gmail inbox or using JavaScript to access information from other frames in the same window.
Different browsers have different security approaches:
Google Chrome:
- prevents users from clicking Internet-based hyperlinks to local web pages
- blocks local web pages from reading the contents of arbitrary web sites
Firefox:
- blocks local web pages from reading Internet pages
- restricts a local web page to reading only files in the same directory, or a subdirectory
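The Firefox rule above can be modelled as a path check on the two URLs. This is an added example, not code from this post or from Firefox; the function names and sample file paths are constructed, and it assumes case-sensitive paths.

```javascript
// Simplified model of the Firefox rule for local pages described above.
// Added illustration, not Firefox source; names and sample paths are constructed.

// Directory part of a URL path, always ending in "/".
function directoryOf(url) {
  return url.pathname.slice(0, url.pathname.lastIndexOf("/") + 1);
}

// True if the local page at pageHref may read targetHref: the target must be
// a file: URL in the page's own directory or in one of its subdirectories.
function localPageMayRead(pageHref, targetHref) {
  let page, target;
  try {
    page = new URL(pageHref);
    target = new URL(targetHref, page); // resolves relative refs and ".." segments
  } catch {
    return false; // unparsable reference: refuse
  }
  if (page.protocol !== "file:" || target.protocol !== "file:") return false;
  if (page.host !== target.host) return false;
  // The trailing "/" on the directory keeps /report/ from matching /report2/.
  return target.pathname.startsWith(directoryOf(page));
}

// Constructed sample: an XML document and the resources it might reference.
const PAGE = "file:///C:/docs/report/test.xml";
const SAMPLES = [
  "test.xsl",
  "style/test.xsl",
  "../shared/test.xsl",
  "style/../../secret.xml",
  "file:///C:/docs/report2/test.xsl",
  "https://example.com/feed.xml",
];

function evaluateSamples() {
  return SAMPLES.map((ref) => [ref, localPageMayRead(PAGE, ref)]);
}

for (const [ref, allowed] of evaluateSamples()) {
  console.log(allowed ? "allow" : "block", ref);
}
```

The comparison runs on the resolved URL, so a reference that climbs out of the directory with ".." is blocked even when it starts inside an allowed subdirectory.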
- Problem:
If you have an .xml file that references an .xsl (both files are local), when I open it in Firefox the stylesheet is not applied. The contents appear unformatted. If I open it with Chrome a blank page appears, and I get an error on the Developer Console:
Unsafe attempt to load URL file:///C:/test.xsl from frame with URL file:///test.xml. Domains, protocols and ports must match.
- Workaround:
- Firefox: This site explains how to enable local documents to have access to all other local documents, including directory listings, as well as the security implications, recommended settings, etc.
- Chrome: From a discussion on issue 39616, a workaround is to start Chrome with the following 2 flags: --enable-file-cookies --disable-web-security.
- References:
- Security in Depth: Local Web Pages
- Firefox Security.fileuri.strict origin policy
- Chromium Issue 39616: XML with XSL not shown
Thursday, January 7, 2010
Stylesheets in Firefox and Chrome