Code: Select all
<html>
<head><style type='text/css'>img {max-width: 100%;}</style></head>
<body onload=" parent.postMessage('iframe6:'+document.body.scrollHeight, '*');">
[ Various HTML deleted ]
</body>
</html>
With some playing around, I figured out that the "Block every object coming from a site marked as untrusted" option is the problem. Turning this off in at least an early version of 2.9.5.2 allows the postMessage() to complete. Turning it off in the latest version RC5 still blocks the postMessage(). "chrome:" is in the whitelist and is presumably a trusted site, so I'm not sure why NoScript would be blocking postMessage().
Please let me know if I can provide any other information. If NoScript is blocking Javascript within chrome: pages I suspect this may be causing problems with other extensions as well.