Browsers are normally banned from launching local programs. Can this be
circumvented in Firefox?
Any pointer is welcome. Please e-mail me directly, in addition to
posting on this list.
Thanks in advance.
Benoît Gauthier
gaut...@circum.com
Nickolay
Nickolay:
you are correct: this would be used on one specific page of my
application, not on a general public page.
Does such an extension exist? If no, where would one start to develop
such an extension?
Benoît Gauthier
Alternatively there's a way to grant advanced privileges to -signed-
pages. I don't remember much about it.
Nickolay
>
> Benoît Gauthier
>
> _______________________________________________
> dev-extensions mailing list
> dev-ext...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-extensions
>
<html>
<head>
<title>Execute Any Process</title>
<script>
function executeFile() {
  // Ask the user to grant this script XPConnect access (shows a confirmation dialog).
  netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
  var nsIFilePicker = Components.interfaces.nsIFilePicker;
  var fp = Components.classes["@mozilla.org/filepicker;1"]
    .createInstance(nsIFilePicker);
  fp.init(window, "Select a File To Execute", nsIFilePicker.modeOpen);
  fp.appendFilters(nsIFilePicker.filterAll);
  // Let the user pick the file to run.
  var res = fp.show();
  if (res == nsIFilePicker.returnOK) {
    var process = Components.classes["@mozilla.org/process/util;1"]
      .createInstance(Components.interfaces.nsIProcess);
    process.init(fp.file);
    // Non-blocking launch with no arguments.
    process.run(false, null, 0);
  }
}
</script>
</head>
<body>
<input type="button" value="Run a process" onclick="executeFile()"/>
</body>
</html>
I've posted a more elaborate version that handles non-executable filetypes (e.g., .jpg) here:
http://pastebin.mozilla.org/1066
When using these scripts, the user is prompted by Firefox/Mozilla/SeaMonkey to grant permissions that allow the scripts to do nefarious things to his computer. Therefore, you might consider signing the script so the user knows it hasn't been tampered with by, say, a man-in-the-middle attack:
http://www.mozilla.org/projects/security/components/jssec.html
Also consider hosting the scripts on an SSL-secured page.
Regards,
Eric Jung
----- Original Message ----
From: bgauthier <gaut...@circum.com>
To: dev-ext...@lists.mozilla.org
Sent: Friday, October 27, 2006 3:15:08 PM
Subject: Re: Calling a program on the client hard drive
Nickolay Ponomarev wrote:
> For a regular web page, no. It is possible to write an extension that
> provides this functionality to selected web pages, though.
Nickolay:
you are correct: this would be used on one specific page of my
application, not on a general public page.
Does such an extension exist? If no, where would one start to develop
such an extension?
Benoît Gauthier
Note that it requires you to
a) sign the JAR
b) serve the JAR over HTTPS
c) use enablePrivilege, which shows a confirmation dialog to the user
before your script can run with elevated privileges.
I think that going the extension route is simpler and results in
a better user experience, especially since you already install
executables on the user's machine.
If it's everything you need from the extension, I'll consider writing
it for you (it's pretty simple). I'll contact you off-list.
Nickolay
http://circum.com/startalocalprogram.html
Called "StartALocalProgram", the extension accepts two parameters in
the options: the location of the Perl interpreter on the local computer
and the location of the Perl script to run.
One can run any other program by leaving the Perl interpreter field
blank and entering the full path of the program to run in the second
option box.
Enjoy.
Benoît Gauthier
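
Added example, not part of the thread and not the code of the StartALocalProgram extension: one way an extension could limit the launch to "selected web pages", as suggested earlier in the thread, by matching the requesting page exactly against a configured HTTPS URL and taking the program path only from its own options. The URL, paths and function names are constructed for illustration.

```javascript
// Hypothetical gate an extension could apply before starting a local program
// on behalf of a web page. All names and values below are assumptions.

// Constructed options: the single page allowed to trigger the launch, and the
// fixed program to start (set by the user in the options, never by the page).
const CONFIG = {
  allowedPage: "https://app.example.test/survey/run.html",
  program: "/usr/bin/perl",
  args: ["/opt/survey/collect.pl"],
};

// True only when pageUrl is the configured page: HTTPS, same host and port,
// same path, no embedded credentials. Query string and fragment are ignored.
function isAllowedPage(pageUrl, config = CONFIG) {
  let page, allowed;
  try {
    page = new URL(pageUrl);
    allowed = new URL(config.allowedPage);
  } catch (e) {
    return false; // unparsable URL: refuse
  }
  if (allowed.protocol !== "https:") return false; // misconfigured: refuse
  return page.protocol === "https:" &&
         page.origin === allowed.origin &&     // scheme + host + port
         page.pathname === allowed.pathname && // compared after normalisation
         page.username === "" && page.password === "";
}

// Builds the launch request, or returns null to refuse. A request that
// carries page-supplied arguments is refused rather than merged.
function buildLaunch(pageUrl, pageSuppliedArgs, config = CONFIG) {
  if (!isAllowedPage(pageUrl, config)) return null;
  if (pageSuppliedArgs && pageSuppliedArgs.length > 0) return null;
  return { program: config.program, args: config.args.slice() };
}
```
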
> On 10/28/06, Eric H. Jung <eric...@yahoo.com> wrote:
>> Actually, you don't have to do this in an extension, although that
>> probably is the most user-friendly way. You *can* do it right from a web
>> page if the user grants permissions. Try this (obviously it won't work in
>> IE):
>>
> Right, I mentioned that. Here are pointers to more information:
> http://www.mozilla.org/projects/security/components/signed-scripts.html
>
The links to the SignTool application from this page are broken.
Is this page even being maintained?
> Note that it requires you to
> a) sign the JAR
> b) serve the JAR over HTTPS
> c) use enablePrivilege, which shows a confirmation dialog to the user
> before your script can run with elevated privileges.
>
Yowch!