Open a new tab/window and write something to it?

I'm using Execute JS to write and test Javascript code within Firefox. I want to open a new tab/window and write something to it and I tried

var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator);
var win = wm.getMostRecentWindow("navigator:browser");
printWindow = win.open("about:blank");
printWindow = wm.getMostRecentWindow("navigator:browser");
printWindow.gBrowser.selectedBrowser.contentDocument.write('hello');

And

myWindow=window.open('','','width=200,height=100')
myWindow.document.write("<p>This is 'myWindow'</p>")
myWindow.focus()

However I always get this error

[Exception... "The operation is insecure." code: "18" nsresult: "0x80530012 (SecurityError)"

Is there any way to get through this exception?

Answers


Edit: As of 2018, this solution no longer works. So you are back to opening about:blank in a new window and adding content to it.

Don't "write" to the window, just open it with the contents you need:

var data = "<p>This is 'myWindow'</p>";
myWindow = window.open("data:text/html," + encodeURIComponent(data),
                       "_blank", "width=200,height=100");
myWindow.focus();

For reference: data URIs


Top-level navigation to data URLs has been blocked in Chrome, Firefox (with some exceptions), IE, and Edge (and likely other browsers to boot). They are apparently commonly used for phishing attacks, and major browser vendors decided that the danger outweighed the value provided by legitimate use cases.

This Mozilla security blog post explains that Firefox will block

  • Web page navigating to a new top-level data URL document using:
    • window.open("data:…");
    • window.location = "data:…"
    • clicking <a href="data:…"> (including ctrl+click, ‘open-link-in-*’, etc).
  • Web page redirecting to a new top-level data URL document using:
    • 302 redirects to "data:…"
    • meta refresh to "data:…"
  • External applications (e.g., ThunderBird) opening a data URL in the browser

but will not block

  • User explicitly entering/pasting "data:…" into the address bar
  • Opening all plain text data files
  • Opening "data:image/*" in top-level window, unless it’s "data:image/svg+xml"
  • Opening "data:application/pdf" and "data:application/json"
  • Downloading a data: URL, e.g. ‘save-link-as’ of "data:…"

You can also read the proposal to deprecate and remove top-frame navigation to data URLs in Chrome and view the current Chrome status indicating that is has been removed.

As for how to actually open HTML in a new tab or window, this should be sufficient:

var tab = window.open('about:blank', '_blank');
tab.document.write(html); // where 'html' is a variable containing your HTML
tab.document.close(); // to finish loading the page

Note that at least in Chrome, external scripts injected via document.write might not be loaded on slower connections. That might not be relevant here, but something to watch out for.


var winPrint = window.open('', '', 'left=0,top=0,width=800,height=600,toolbar=0,scrollbars=0,status=0');
winPrint.document.write('<title>Print  Report</title><br /><br /> 
Hellow World');
winPrint.document.close();

window.open(uri) does not work in chrome as of 2018


Need Your Help

Switch statement equivalent in Windows batch file

batch-file switch-statement

I wonder if there is a simple way to branch execution in a Windows batch file depending on the value of one single expression. Something akin to switch/case blocks in C, C++, C#, Java, JavaScript, ...

how does ASP.NET validate anti-forgery token

asp.net security xss antiforgerytoken

I wonder how does ASP.NET check if an anti-forgery token is valid or not? Like where is ASP.NET storing those tokens? And how are they stored?