locked
Can I load local app data into a iframe? RRS feed

  • Question

  • In my html5/js windows app, I have some html files stored in the local app data. I would like to display those in an iframe. Is this possible?

    At the moment Im setting the iframe src to "ms-appx-web:///local/mycoolhtmlpage.html"

    Is this not the right way to do this? Im currently getting error "80004005" (no idea what that means)

    Wednesday, April 24, 2013 12:18 AM

Answers

  • This is not allowed.  The security restrictions put on the app do not allow it to execute code or script located in the application data directory.  See more details on this at http://msdn.microsoft.com/en-us/library/windows/apps/Hh781215.aspx (scroll down to the app data section).  It is intended for images, videos, etc.

    Also, to refer to that location, you want to use ms-appdata:///local/..., not ms-appx-web:///local/...  That is the cause of the error message you are seeing currently.  However, as noted above, even if you fix the URI, it will still not load due to restrictions placed on the app data location.

    Hope that helps,

    Gearard

    Wednesday, April 24, 2013 1:08 AM

All replies

  • This is not allowed.  The security restrictions put on the app do not allow it to execute code or script located in the application data directory.  See more details on this at http://msdn.microsoft.com/en-us/library/windows/apps/Hh781215.aspx (scroll down to the app data section).  It is intended for images, videos, etc.

    Also, to refer to that location, you want to use ms-appdata:///local/..., not ms-appx-web:///local/...  That is the cause of the error message you are seeing currently.  However, as noted above, even if you fix the URI, it will still not load due to restrictions placed on the app data location.

    Hope that helps,

    Gearard

    Wednesday, April 24, 2013 1:08 AM
  • Wait so I can have an iframe point to an arbitrary website (unless the site has that special "no framing" header) but loading an html file thats in the apps own local data is too much of a security risk? Theres no way to sandbox it and make that safe?
    Wednesday, April 24, 2013 1:26 AM
  • So with all that said, how would would one go about displaying that content? Ajax I guess? Of course all the image and css references in the html pages will need to be updated to ms-appdata:///local/bla/bla. I dont have control over the content of those html pages so I would need to have a translation layer before I dump the html content into the page. Any suggestions would be appreciated. Thanks!

    Wednesday, April 24, 2013 5:52 PM
  • When you load an external site into an iframe, you use the ms-appx-web protocol which ensures the page running is in the Web Compartment, instead of the Local Compartment, which prevents access to the WinRT, etc.  When you are loading from the local state, it doesn't force it into the Web Compartment and so it blocks running any executable code because it cannot verify its source (e.g. you could have just downloaded it and saved it there trying to get around the ms-appx-web restrictions).

    As for workarounds, I can't think of too many good options.  You could read the contents as a string and then set the innerHTML of a local HTML file to it.  Though that will still have restrictions as the script will be stipped as part of that process, again as part of the sandboxing/security requirements.

    If the pages come from the web anyway, why not just reference them in the iframe directly instead of loading them into local app data first?

    Wednesday, April 24, 2013 7:03 PM
  • Aw I see. The html files are downloaded from the internet for offline access. So I guess the ajax/innerHTML thing is my only option. Luckily there isnt any javascript in the html pages so the stripping wont be a problem. Just going to be trickier then I hoped. Im sure Im not the only one who is trying to do this (any eReader). There must be a way to make that safe. I hope that there's an update to allow for this at some point. Thanks! http://i.qkme.me/3u2t22.jpg
    Wednesday, April 24, 2013 7:24 PM