Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

can security be elevated for a page?

1 view
Skip to first unread message

Grant Gayed

unread,
Oct 16, 2009, 4:39:09 PM10/16/09
to
Hi,

(sorry if I'm missing an obvious interface or service, please just give me a
pointer if this is the case)

Our app embeds XULRunner, and I am wondering if a page can be viewed with a
more strict security level than it would normally have. For example, by
default a page that lives on the local file system can provide links that
successfully navigate elsewhere on the local file system. Is it possible to
view this local page as if it came from the internet, in which case
following links to the local file system would be disallowed?

The IE implementations of this are IInternetSecurityManager.MapUrlToZone()
(for embedders) and the Mark Of The Web (for pages). Do equivalents for
either of these exist in the Mozilla world?

Thanks!
Grant


Boris Zbarsky

unread,
Oct 16, 2009, 11:17:41 PM10/16/09
to
On 10/16/09 4:39 PM, Grant Gayed wrote:
> The IE implementations of this are IInternetSecurityManager.MapUrlToZone()
> (for embedders) and the Mark Of The Web (for pages). Do equivalents for
> either of these exist in the Mozilla world?

Not really, though for a particular page you could probably intercept
the file protocol handler and make sure to return a channel with the
appropriate principal set... And then hope that there aren't any
doofuses using the url for security checks.

-Boris

0 new messages