?

Log in

No account? Create an account

Can't Eat, Clowns will Sleep Me

« previous entry | next entry »
Jul. 5th, 2005 | 04:46 am
mood: geekygeeky
music: Ozzy Ozborne and Dweezil Zappa - Stayin' Alive

For webservice mash-ups, especially bookmarklets, injecting an IFRAME into the current page is a nice UI method because it preserves the function of the 'back' button. Press 'back' and you go back to the version of the page as it was before the IFRAME was added.

I made a pretty nifty bookmarklet for use with spurl.net, but I ran into the cross-site scripting security restrictions and set it aside. I plan to rewrite it as a Greasemonkey extension, which (I think) would get around that problem.

Link | Leave a comment |

Comments {5}

krystiegoddess

(no subject)

from: krystiegoddess
date: Jul. 5th, 2005 11:24 am (UTC)
Link

gotta watch out for those pesky clowns.

Reply | Thread

Nathaniel Eliot

(no subject)

from: temujin9
date: Jul. 5th, 2005 04:15 pm (UTC)
Link

There's a way around the XSS restrictions for Mozilla; basically, it requires signing the script and end-user approval.

Reply | Thread

Triple Entendre

amazon women on codebase alpha

from: triple_entendre
date: Jul. 5th, 2005 05:44 pm (UTC)
Link

excellent! however, I have been there, read that, and found that the actual signing tools they are referring to, as well as their documentation, are dead links, and I haven't found what's supposed to replace them.

I think this whole approach died of neglect, and what's left just LOOKS like it might work.

I even looked at my old code just now, and those function calls are in there!

UPDATE: I did find this just now:

Before editing this file, you'll have to make sure that you've exited the browser. Completely shut down Netscape 7 or your Mozilla browser. Take special care if you're running the Quick Launch feature on Windows -- be sure to exit the browser from the icon on the right of your taskbar. When the browser has exited, add this line of code to the file:

user_pref("signed.applets.codebase_principal_support", true);

The phraseology of the preference dates to the Netscape Communicator 4.x days, when adding this preference to the prefs.js file would allow unsigned Java applets and unsigned JavaScript scripts to access properties which needed special privileges to access them. In the Netscape and Mozilla browser world, the preference has no meaning for Java Applets, but certainly continues to have meaning for scripts asking for additional privileges without a digital signature. ... In particular, the UniversalBrowserRead privilege allows you to bypass the same-origin restriction on scripts.

- http://devedge-temp.mozilla.org/viewsource/2002/bypassing-security-restrictions/index_en.html

I'm gonna shut down my browser and try that.

Shutting down my browser is going to take a while, I have 30 tabs open that need spurling.

Reply | Parent | Thread

Triple Entendre

(no subject)

from: triple_entendre
date: Jul. 5th, 2005 05:47 pm (UTC)
Link

p.s. - not sure it's even possible to sign a bookmarklet.

Reply | Parent | Thread

Nathaniel Eliot

(no subject)

from: temujin9
date: Jul. 5th, 2005 06:31 pm (UTC)
Link

Mmmm - good point. You'd have to wrap it in a .JAR, then write a javascript stub that unloaded and ran that .JAR. If that even worked.

Reply | Parent | Thread