[Jslib] Remote XUL, JSlib, and Security Annoyances....
mquinn at quinnteam.com
Thu Mar 4 16:12:00 EST 2004
For 6 months now I've been working on an application that I had hoped
would prove XUL/Mozilla was a good platform to develop a new CRM
(Customer Relationship Management) system. But alas, I'm running into
issue, after issue, after issue. (I know this is the jslib mailing list,
but one of my major hang-ups happens to be loading JSlib from a remote
First let me start by explaining what I had intended to do. Perhaps
there is a fundemental error in my planning. I have a set of PHP
scripts that run on a remote web server. These scripts generate, most
nicely, the XUL code that displays a wonderful UI for my CRM.
The scritps also generate RDF (from a PostgreSQL DB) that is sent to
Mozilla for use in tree displays, menus, etc. For example, one screen
displays in a fairly efficient manner over 2500 contacts. Double
clicking on contacts brings up their details, right mouse clicking
allows me to e-mail them, make a new oppurtunity, record a meeting, etc.
Getting this simple interaction to work using remote XUL requires that
I, by hand, modify my prefs.js in my profile and add the following line:
OK, we've already hit a snag that is almost unacceptable for a web
deployed application. That aside, I also have to request elevated
security access within the application:
// Request privilege
Somewhere between 1.5 and 1.6 of Mozilla this got even worse. Now for
each call of elevated security level,every time, on every item in a tree
I get a new request to elevate the security level. The "remember this
decision" is much more grainular now. (Yes folks, that means 6 clicks of
"Yes it's ok to allow access..." every time I double click on the
And now my latest issue appears to be that jslib will load only if the
requesting XUL file is locally installed. In other words, if my php
script makes reference to the following:
It does not appear to load. I'm assuming this because my attemp to call
"include(jslib_file);" fails with "include is not defined".
JSlib is installed and works fine when called locally. I've in fact
been able to call the example programs without issue.
So, Here are the questions. Any answers (partial credit given) would be
1. How do I properly write a remote XUL application using PHP that has
access to all the wonderful, tempting things elluded to in the XPConnect
framework? Things like in memory RDF. (Please don't tell me to sign my
application unless you know how to sign a PHP script. Short answer: you
don't sign dynamic PHP/CGI scripts. Not that I know of at least.)
2. How do I get jslib to load properly and be available for use with a
remote XUL application? Remember that I've loaded JSlib locally, tested
it, but Mozilla will not allow me to use it.
3. Does anyone know of a document (in clear plain english) that shows
how the Mozilla security system works and how to use it? I need to be
able to answer question like "I need to build in memory RDF structures.
How to I request that security from the user?". Is there a way to ask
for carte blanche, all encompassing, god mode?
Let me also say thanks to the developers of jslib. It's nice to know
that I won't, if I continue with XUL, have to write so many pieces from
Quinn Team Incorporated
Micah T. Quinn - President
More information about the Jslib