Bookmarklet, js injection and popup issue

I'm currently writing a bookmarklet that loads and executes a remote js file by appending a new <script> tag in the current window, like so :

javascript:(function() {
    if(typeof __bml_main != "undefined") return __bml_main.init();
    var s= document.createElement('script');
    s.type= 'text/javascript';
    s.src= 'http://127.0.0.1:8000/media/bookmarklet.js';
    void(document.body.appendChild(s));
})();

My bookmarklet needs to perform some dom manipulations in order to extract data from the page being viewed, and then to open a new popup to list them.

The thing is : if I want to bypass pop-up blockers, I can't open my new window from the injected script. I need to open it right from the beginning in the bookmarklet code, and to access it later when needed.

I've tried to do somehting like this :

javascript:var my_popup = window.open('http://127.0.0.1:8000/resources/manage/new/', 'newResou开发者_Go百科rcePopup',config='height=200,width=400,toolbar=no,menubar=no,scrollbars=no,resizable=no,location=no,directories=no,status=no');
(function() {
// script injection (...)
})();

but if I then try to access my_popup from my remotely loaded script, most browsers will throw a security warning and won't let me access the Window object. This is understandable since the script is not from the same domain than the displayed page, but I'm kind of stuck...

A solution would be to use a div overlay, but I'd really prefer to open a window in this case.

Any hints ?

You could load the markup for the window as a string in your bookmarklet.js file, then (later) use window.open without a URL (or with "about:blank", I forget which is more cross-browser-compatible), and use my_popup.document.write to write the markup to the new window.

You may find that you can't open the window later, even without cross-domain issues, unless you're doing so in direct response to a user action — which is probably a good thing. :-)