ManticMoo.COM All Articles Jeff's Articles
Jeffrey P. Bigham

Enabling Cross-Site Scripting for Firefox Extensions

Jeffrey P. Bigham

Related Ads

Cross-site scripting involves loading scripts or data from another web site using Javascript and is usually not allowed because of security concerns. Just imagine if a script could download web pages automatically in the background, perhaps getting bank information present in another window. Firefox extensions operate under a different security model, one that implicitely includes the additional trust to do this. To protect the extension writer from himself, however, Firefox still requires extension writers to explicitely enable the ability to read content from other web sites. This hopefully decreases the likelihood that an innocent extension can be co-opted by nefarious individuals.

To enable the ability of Firefox to read information from other web sites, simply execute the following code:

 
try {
  netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
} catch (e) {
  alert("Permission UniversalBrowserRead denied.");
}

Jeffrey P. Bigham
ManticMoo.COM All Articles Jeff's Articles