While the security aspect of signed objects is nice, the ability to make remote JavaScript do just about anything is even better for web developers because it avoids the perceived complexity of languages like C++. Also, JavaScript, along with Perl and PHP, has always been a preferred language in the web environment.
Knowing that Internet Explorer no longer has a huge advantage when it comes to remote browser-based applications is also nice, since JavaScript and XPCOM in Mozilla provide a framework very similar to ActiveX. They also provide web page scripting in which you can create and use components from a web page or web application.
Table 12-1 shows the expanded privileges available to signed scripts. Signed applications are granted these privileges as a matter of course.
Table 12-1. Expanded privileges available to signed scripts

Privilege | Purpose |
---|---|
UniversalBrowserRead | Reads sensitive browser data. This reading allows the script to pass the same origin check when reading from any document. |
UniversalBrowserWrite | Modifies sensitive browser data. This modification allows the script to pass the same origin check when writing to any document. |
UniversalXPConnect | Gives unrestricted access to browser APIs using XPConnect. |
UniversalPreferencesRead | Reads preferences using the navigator.preference method. |
UniversalPreferencesWrite | Allows you to set preferences using the navigator.preference method. |
CapabilityPreferencesAccess | Allows you to read/set the preferences that define security policies, including which privileges are granted and denied to scripts. (You also need UniversalPreferencesRead/Write.) |
UniversalFileRead | Handles window.open of file:// URLs. Makes the browser upload files from the user's hard drive by using `<input type="file">`. |

The following JavaScript features require expanded privileges; each item names the target used to access the feature. Unsigned scripts cannot do the following:

- Use an about: format URL other than about:blank. Doing so requires UniversalBrowserRead.
- Use the history object to find out what other sites the user visited or how many other sites the user visited in this session. Doing so requires UniversalBrowserRead.
- Get a preference value by using the preference method of the navigator object. Getting such a value requires UniversalPreferencesRead.
- Set a preference value using the preference method. Setting such a value requires UniversalPreferencesWrite.
- Add or remove the directory bar, location bar, menu bar, personal bar, scroll bar, status bar, or toolbar. These are done using the window object and require UniversalBrowserWrite.
- Use the methods and properties in Table 12-2 under the indicated circumstances.

Table 12-2. Expanded privileges available to signed scripts

Method / property | Description |
---|---|
EnableExternalCapture | Captures events in pages loaded from different servers. Follow this method with captureEvents. |
Close | Unconditionally closes a browser window. |
moveBy, moveTo | Moves a window off of the screen. |
Open | |
resizeTo, resizeBy | Resizes a window smaller than 100 x 100 pixels or larger than the screen can accommodate. |
innerWidth, innerHeight | Sets the inner width of a window to a size smaller than 100 x 100 or larger than the screen can accommodate. |

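This snippet of code shows how to use the privilege manager in JavaScript:

```javascript
// Request the expanded privilege before using the restricted feature.
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite");
// Hide the titlebar; this requires UniversalBrowserWrite.
window.titlebar = "no";
```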
You can pass any privilege listed in Table 12-1 to the enablePrivilege method, which is accessed through the netscape.security.PrivilegeManager object. This object is recognized globally. In this example, the code hides the titlebar via the window object.
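Because every privilege request goes through the same enablePrivilege call, a reviewer can list what a script asks for before it is signed. The following Node.js sketch is an added example, not code from the book or from Mozilla: it finds enablePrivilege calls in script source and checks each requested target against Table 12-1. The function name auditPrivileges, the sample input, and the handling of several space-separated targets in one string are assumptions.

```javascript
// Added example: audit script source for enablePrivilege requests.
// Purposes are shortened from Table 12-1.
const TABLE_12_1 = new Map([
  ["UniversalBrowserRead", "reads sensitive browser data; passes same origin check on read"],
  ["UniversalBrowserWrite", "modifies sensitive browser data; passes same origin check on write"],
  ["UniversalXPConnect", "unrestricted access to browser APIs using XPConnect"],
  ["UniversalPreferencesRead", "reads preferences via navigator.preference"],
  ["UniversalPreferencesWrite", "sets preferences via navigator.preference"],
  ["CapabilityPreferencesAccess", "reads/sets the preferences that define security policies"],
  ["UniversalFileRead", "window.open of file:// URLs; file upload from the user's hard drive"],
]);

// Matches the call even when whitespace or a line break follows the dot.
const CALL = /PrivilegeManager\s*\.\s*enablePrivilege\s*\(\s*([^)]*?)\s*\)/g;

function auditPrivileges(source) {
  const findings = [];
  for (const m of source.matchAll(CALL)) {
    const line = source.slice(0, m.index).split("\n").length;
    const lit = /^(["'])([^"']*)\1$/.exec(m[1]);
    if (!lit) {
      // Not a string literal: the target is chosen at run time, review by hand.
      findings.push({ line, privilege: null, status: "dynamic" });
      continue;
    }
    // Assumption: one string may carry several targets separated by spaces.
    for (const name of lit[2].split(/\s+/).filter(Boolean)) {
      const known = TABLE_12_1.has(name);
      findings.push({ line, privilege: name, status: known ? "known" : "unknown",
        purpose: TABLE_12_1.get(name) });
    }
  }
  return findings;
}

// Constructed sample input (not from the book).
const SAMPLE = [
  'netscape.security.PrivilegeManager.',
  '    enablePrivilege("UniversalBrowserWrite");',
  'netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect UniversalFileRead");',
  'netscape.security.PrivilegeManager.enablePrivilege(wanted);',
  'netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrit");',
].join("\n");

console.log(auditPrivileges(SAMPLE));
```

Findings with status "dynamic" or "unknown" are the ones to read by hand: the first hides which target is requested, the second names a target that is not in Table 12-1.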
Security is extremely important, so some means of granting trusted scripts special privileges for accessing Mozilla components must be available. In essence, signed scripts are Mozilla's version of ActiveX.
The parallels become even more apparent when you consider access to XPConnect as one of the security model's main boundaries. Just as ActiveX makes COM available in IE, signing makes XPCOM available in remote Mozilla applications. Given all that is possible in XPCOM, this chapter leaves what can be achieved with remote Mozilla applications and XPConnect up to your imagination.