Chrome equivalent in an IE BHO?

July 1, 2007 By in Firefox to IE port Leave a comment

Chrome

When you’re writing a Firefox extension, you can reference images and other files you package with your installer using the chrome:// URL protocol. This is really useful if you want to inject images into a page, since you can put the images inside your extension’s folder, and then create an image tag with the src set to something like chrome://petesearch/skin/magnifier.png.

Internet Explorer doesn’t have anything like this unfortunately. No problem, I thought, I’ll just add the images to the directory where the DLL is installed, and reference them from there. After trying that, I realized that the images were never being loaded, and though I couldn’t find any documentation to back this up, decided it was probably blocked by a security policy. Remote pages accessing files from the local disk, even if they’re just images, could theoretically be used as part of an exploit, or at least to access some information about the user’s file system. IE doesn’t know that the local file reference has been inserted by our BHO, so it blocks it.

I compared notes on this with Georges-Etienne Legendre since he was also hitting this problem. I’m developing on Vista, it appears that on XP you can still reference local image files on http pages, but not ones that use the https protocol.

Here’s the suggestions I’ve had on how to inject a local image into a remote page:

  • Use the res: protocol to reference an image within the BHO’s dll. This was suggested on the MSDN extensions forum by Rob of IECustomizer.com. I haven’t tried this yet, but I’ve got a strong feeling that this protocol will be at least as restricted as file:, if not more, so I’m not holding out much hope.
  • Write an Asynchronous Pluggable Protocol to implement something like data:. This was suggested by Georges-Etienne, apparently IE7Pro does something similar to solve this problem. It seems like it would be quite a lot of work, and I’m not sure about the details of how you could use it to solve the problem.

For now, I’ve decided to side-step the problem by hosting the images I need on my own server. This works fine, but it’s a bit wasteful of network resources, and I hoped to keep the extension from having any dependencies on a single server.

I’d love to hear any suggestions on other ways to tackle this, or more info on the security restrictions that cause the problem.

More posts on porting Firefox add-ons to IE

Leave a comment