Given the injection method demoed in geode, the only way I can see
this is possible to do so far is to load an xul or html file in the
tab browser, which kind of limits things a bit (caveat, only had a
brief look, so apologies if there is an obvious way to do this from
3pd addons anywhere in the chrome).
Cheers, Tony
PS. the blog spammed my comment, one suggestion I have (that could be
fulfilled by addons through a geolocation FUEL library ;-) ) is to
develop the concept of locations or zones within Firefox, so that if I
go to work with the laptop, firefox starts up, detects this and sets
the homepage to the company intranet, maybe alters my bookmarks
toolbar, perhaps even enables/disables certain extensions (a 'work'
profile). Go back home and the 'home' profile is reinstated.
Thanks for the question Tony. Your examples are pretty awesome. I
can't wait until there is a whole set of killer geolocation enabled
addons!
So, for exposing geolocation to extensions is something we have
thought about. It will be possible, but not very easy in 3.1 beta. I
filed a bug to remind me that we should clean this up:
https://bugzilla.mozilla.org/show_bug.cgi?id=459073
I don't think it is hard to fix this up and when we do, it will get
extension developers a easy way to ask "where am I". The
complications are around privacy (of course!):
1) how do extension provide a consistent "mother may i" notification?
2) do we need to change the addon review process (for
addons.mozilla.org) so that device apis get an extra set of eyes?
I hope this helps,
Doug Turner
Cheers,
Shawn
> 1) how do extension provide a consistent "mother may i" notification?
I kind of figured something like addon developers providing the
geolocation API with a chrome://myextension/content/geoloc_info.rdf
file, wherin they would put a few resources like title and description
of location use, the API then uses this info to alert the user that
exension foo, wants to use your location to do bar. Another option
could just be the use of chrome://myextension/content/can_I_use.html
page, hooking into the existing notification.
Once the user agrees, the addon is allowed to read from the API, which
permits any code to run from chrome://myextension/content/ to such and
such fuzzing from anywhere within chrome.
By resticting to chrome://myextension/content/ it would then stop (?)
chrome://mysneakyextension/content/ from hijacking any chrome
privelaged approval from another addon.
> 2) do we need to change the addon review process (for
> addons.mozilla.org) so that device apis get an extra set of eyes?
I think that the current review process should sufice, in that if the
reviewer picks up that locations are being sent to a server, for
example, they do not publish on AMO until the developer adds a privacy
statement on AMO.
Well, that's the interesting part of the question.
As you note, it's not really useful from a security point of view. But
it might have value for convenience/consistency if multiple extensions
are doing privacy-sensitive things and they want to give the user
control over permissions and fuzzing. In other words, make it easy for
extensions to do the right thing when they want to.
Justin
And of course, I would be adamantly opposed to any extension which
exposed location info in a cavalier way being on AMO, so I would
prefer to have a sane/coherent API.
-- Mike
OT: And where can we find this new API?
I can only hope that some sane person adds a permission (UI) for this
feature, just like cookies, install, popups and what not, because why
work on removing dialogs in Firefox, and add/introduce a new feature
that keeps nagging you for every site that you visit (at least for sites
that use this feature)?
Thanks,
Michael
And of course, I would be adamantly opposed to any extension which