document.write() not working in userscript with Firefox

Question

I have some userscripts that use

var tab = window.open('', '_blank');
tab.document.write(myCustomHtml);
tab.document.close();

to show an output to the user (myCustomHtml being some valid HTML I defined previously in the code). It sopped working in Firefox since version 27, now I only get an empty document. No console errors whatsoever.

The newly opened document has only this content when inspected with Firefox' console

<html>
    <head></head>
    <body>
    </body>
</html>

while the source code is empty.

The code works in Chrome.

Do I need to make any modification for newer Firefox versions (27+) and an updated Greasemonkey (1.15)? I haven't found any recent bug reported to Firefox about this issue.

Here's a test script

// ==UserScript==
// @name           document.write() test
// @namespace      stackoverflow.com
// @description    tests document.write()
// @include        https://stackoverflow.com/questions/22651334/*
// @include        http://stackoverflow.com/questions/22651334/*
// @version        0.0.1
// ==/UserScript==

var tab = window.open('', '_blank');
tab.document.write('<html><head></head><body><ul><li>a</li><li>b</li><li>c</li></ul></body></html>');
tab.document.close();

Answer 1

I'm not sure if Greasemonkey or Firefox has buggered this, but window.open to a blank page, from a Greasemonkey script, now triggers a Same Origin Policy violation.
Meanwhile, Page scope, the console scope, and Firebug's console all work fine.

Greasemonkey scope gives:

SecurityError: The operation is insecure

whether @grant none is used or not.

This, plus the general uselessness of GM_openInTab(), lead me to suspect it is a Greasemonkey bug. I don't have time to look into it right now, but file a bug report, if you wish.

To get this to work on the latest release of Firefox (28.0) and Greasemonkey (1.15), here's what I had to do:

1. Tell my popup blockers to (temporarily) allow popups from stackoverflow.com.
2. Inject the popup code into the page scope.
3. Use an explicit about:blank for the URL.
4. Wait for the new window to load.

Here's a complete script that works on the latest FF+GM releases:

// ==UserScript==
// @name        document.write () test
// @description tests document.write ()
// @include     http://stackoverflow.com/questions/22651334/*
// ==/UserScript==

function fireNewTab () {
    var newTab = window.open ('about:blank', '_blank');
    newTab.addEventListener (
        "load",
        function () {
            //--- Now process the popup/tab, as desired.
            var destDoc = newTab.document;
            destDoc.open ();
            destDoc.write ('<html><head></head><body><ul><li>a</li><li>b</li><li>c</li></ul></body></html>');
            destDoc.close ();
        },
        false
    );
}

addJS_Node (null, null, fireNewTab);

function addJS_Node (text, s_URL, funcToRun, runOnLoad) {
    var D                                   = document;
    var scriptNode                          = D.createElement ('script');
    if (runOnLoad) {
        scriptNode.addEventListener ("load", runOnLoad, false);
    }
    scriptNode.type                         = "text/javascript";
    if (text)       scriptNode.textContent  = text;
    if (s_URL)      scriptNode.src          = s_URL;
    if (funcToRun)  scriptNode.textContent  = '(' + funcToRun.toString() + ')()';

    var targ = D.getElementsByTagName ('head')[0] || D.body || D.documentElement;
    targ.appendChild (scriptNode);
}

Answer 2

Try using tab.document.body.innerHTML instead of tab.document.write() and tab.document.close(), that is,

var tab = window.open('', '_blank');
tab.document.body.innerHTML = '<ul><li>a</li><li>b</li><li>c</li></ul>';

(I'm using Firefox v24.4.0 with Greasemonkey v1.15 and that works for me.)

I have no idea regarding the root cause of this issue but when I enclosed document.write() in a try-catch block I got the following error message from alert().

The operation is insecure.

Possibly related: Bug 663406 - document.write does not work in devtools scratchpad and console