Main Page

Enhanced privileges

Enhanced privileges
Contacting a different server using JavaScript is expressly prohibited in Mozilla for security reasons.
This is certainly troublesome given that the very nature of Web services requires contacting different
servers. There is the capability, however, to have the user approve a script and allow it cross-domain
access. By default, Mozilla installations don’t allow this type of advanced privilege (once again, for secu-
rity reasons). You can, however, override this setting in the
configuration file (which is located in
Program Files\Mozilla\defaults\pref on
Windows-based machines).
Open up
in any text editor and find the following line:
pref(“signed.applets.codebase_principal_support”, false);
Change this line to:
pref(“signed.applets.codebase_principal_support”, true);
After setting this preference, you must close all running Mozilla instances and restart the browser. This
is only the first step. The second step is to request the Universal Browser Read privilege, which allows
cross-domain communication. Here’s how:
try {“UniversalBrowserRead”);
} catch (e) {
alert(“Script not signed.”);
When the second line is executed, the user is presented with a dialog box explaining that the script
would like enhanced privileges. The user can then click Yes to allow the privileges, or No to deny them
(Figure 17-1).
Figure 17-1
If the user clicks Yes, the code continues on; if the user clicks No, an error occurs and, in the previous
example, the alert indicates to the script that the privilege has been denied.
Web Services
20_579088 ch17.qxd 3/28/05 11:42 AM Page 517

JavaScript EditorFree JavaScript Editor     Ajax Editor