[Jslib] Remote XUL, JSlib, and Security Annoyances....

Micah Quinn mquinn at quinnteam.com
Thu Mar 4 16:12:00 EST 2004


Ughhh,

For 6 months now I've been working on an application that I had hoped 
would prove XUL/Mozilla was a good platform to develop a new CRM 
(Customer Relationship Management) system.  But alas, I'm running into 
issue, after issue, after issue. (I know this is the jslib mailing list, 
but one of my major hang-ups happens to be loading JSlib from a remote 
XUL application.)

First let me start by explaining what I had intended to do.  Perhaps 
there is a fundemental error in my planning.  I have a set of PHP 
scripts that run on a remote web server.  These scripts generate, most 
nicely, the XUL code that displays a wonderful UI for my CRM.

The scritps also generate RDF (from a PostgreSQL DB) that is sent to 
Mozilla for use in tree displays, menus, etc.  For example, one screen 
displays in a fairly efficient manner over 2500 contacts.  Double 
clicking on contacts brings up their details, right mouse clicking 
allows me to e-mail them, make a new oppurtunity, record a meeting, etc. 
  Getting this simple interaction to work using remote XUL requires that 
I, by hand, modify my prefs.js in my profile and add the following line:

    user_pref("signed.applets.codebase_principal_support", true);

OK, we've already hit a snag that is almost unacceptable for a web 
deployed application.  That aside, I also have to request elevated 
security access within the application:

// Request privilege
netscape.security.PrivilegeManager.enablePrivilege("UniversalDialogModality");
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite");
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserAccess");
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
netscape.security.PrivilegeManager.enablePrivilege("UniversalTopLevelWindow");

Somewhere between 1.5 and 1.6 of Mozilla this got even worse.  Now for 
each call of elevated security level,every time, on every item in a tree 
I get a new request to elevate the security level.  The "remember this 
decision" is much more grainular now. (Yes folks, that means 6 clicks of 
"Yes it's ok to allow access..." every time I double click on the 
contact details.)

And now my latest issue appears to be that jslib will load only if the 
requesting XUL file is locally installed.  In other words, if my php 
script makes reference to the following:

<script type="application/x-javascript" 
src="chrome://content/jslib/jslib.js" />

It does not appear to load.  I'm assuming this because my attemp to call 
"include(jslib_file);" fails with "include is not defined".

JSlib is installed and works fine when called locally.  I've in fact 
been able to call the example programs without issue.

--------------------------------
So, Here are the questions.  Any answers (partial credit given) would be 
MOST appreciated:

1.  How do I properly write a remote XUL application using PHP that has 
access to all the wonderful, tempting things elluded to in the XPConnect 
framework?  Things like in memory RDF.  (Please don't tell me to sign my 
application unless you know how to sign a PHP script.  Short answer: you 
don't sign dynamic PHP/CGI scripts.  Not that I know of at least.)

2.  How do I get jslib to load properly and be available for use with a 
remote XUL application?  Remember that I've loaded JSlib locally, tested 
it, but Mozilla will not allow me to use it.

3.  Does anyone know of a document (in clear plain english) that shows 
how the Mozilla security system works and how to use it?  I need to be 
able to answer question like "I need to build in memory RDF structures. 
  How to I request that security from the user?".  Is there a way to ask 
for carte blanche, all encompassing, god mode?

Let me also say thanks to the developers of jslib.  It's nice to know 
that I won't, if I continue with XUL, have to write so many pieces from 
scratch.


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Quinn Team Incorporated
   Micah T. Quinn - President
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


More information about the Jslib mailing list