Main Page

Mozilla-specific issues

The preceding code displays a message to the user when the window has been blocked. In general, it’s
always best to make sure the method returned doesn’t return
null
whenever you open a window.
This method works well for Windows XP Service Pack 2’s IE pop-up blocker, Mozilla’s pop-up blocker,
and the Google Toolbar pop-up blocker. For others, you may need to surround the
window.open()
call
in a
try..catch
block (because some other pop-up blockers actually cause JavaScript errors instead of
just returning
null
).
Mozilla-specific issues
As part of the Netscape Communicator code overhaul, Mozilla introduced several new security mecha-
nisms for ensuring the authenticity and safety of scripts embedded in Web pages. The first involves
activating enhanced privileges.
Privileges
Various security-related capabilities are arranged into privileges. In order to use these privileged
functions, you must request permission from the user using
netscape.security.Privilege
Manager.enablePrivilege()
.
Mozilla provides guidance to developers regarding the proper use of privileges in a document entitled
“JavaScript Security: Signed Scripts” (available at
http://www.mozilla.org/projects/security/
components/signed-scripts.html
). In this document, Jesse Ruderman lists the following available
privileges for Mozilla:
Privilege
Description
UniversalBrowserRead
Enables the browser to circumvent the Same Origin Policy
and read resources outside of the current domain.
UniversalBrowserWrite
Enables the browser to circumvent the Same Origin Policy
and write to resources outside of the current domain.
UniversalXPConnect
Allows access to the browser API using XPConnect.
UniversalPreferencesRead
Allows reading of user preferences using
navigator.preferences
.
UniversalPreferencesWrite
Allows setting of user preferences using
navigator.preferences
.
CapabilityPreferencesAccess
Allows reading/setting of preferences governing security.
To read one of these preferences, you also need
Universal-
BrowserRead
; to set one, you also need
Universal-
BrowserWrite
.
UniversalFileRead
Allows opening of browser windows using the
file://
protocol.
In order to enable a privilege, you must pass in one of these values to the
enablePrivilege()
method:
netscape.security.PrivilegeManager.enablePrivilege(“UniversalBrowserRead”);
566
Chapter 19
22_579088 ch19.qxd 3/28/05 11:43 AM Page 566


JavaScript EditorFree JavaScript Editor     Ajax Editor


©