[Project_owners] Rewriting a browser inside a XUL app

Ben Bucksch ben.bucksch.news at beonex.com
Thu May 20 09:50:11 EDT 2004


Ben Bucksch wrote:

> I'm not sure about the rights of about:*, using http would be safer.

I just checked the source again and didn't find definitve answers. I 
*think* many about: URLs - and <about:blank> specifically - do have 
chrome rights. <about:logo>, <about:credits>, <about:mozilla> *should* 
run with lower priviledges, currently, but it's not garanteed either. 
So, I'd really suggest to use http: instead of about:.

There probably is a way for you to manually drop priviledges, but I 
don't know how.

BTW: I think it would also be safer to create the doc via the DOM 
instead of HTML source and parsing that, because adding content to a 
text node via .data does not parse the content, *I think*. However, 
creating the doc via the DOM may be very inconvient.



More information about the Project_owners mailing list