[Project_owners] Rewriting a browser inside a XUL app
ben.bucksch.news at beonex.com
Thu May 20 09:50:11 EDT 2004
Ben Bucksch wrote:
> I'm not sure about the rights of about:*, using http would be safer.
I just checked the source again and didn't find definitve answers. I
*think* many about: URLs - and <about:blank> specifically - do have
chrome rights. <about:logo>, <about:credits>, <about:mozilla> *should*
run with lower priviledges, currently, but it's not garanteed either.
So, I'd really suggest to use http: instead of about:.
There probably is a way for you to manually drop priviledges, but I
don't know how.
BTW: I think it would also be safer to create the doc via the DOM
instead of HTML source and parsing that, because adding content to a
text node via .data does not parse the content, *I think*. However,
creating the doc via the DOM may be very inconvient.
More information about the Project_owners