Same issue here, trying to include a signed javascript file from a dynamic web page. I cannot include and sign the html in the jar file.
I would like a syntax like <script src="secure.jar!/script.js" type="text/javascript"> </script> is that doable ? Thanks Lucho On Nov 1, 11:30 pm, MarineW <[EMAIL PROTECTED]> wrote: > Hello, > > I have to use JavaScripts that require special privileges from Firefox. So I > need to sign theses scripts in JAR files, with NSS tool. > But I have a problem as these scripts are then used from JSP pages. > > It is written here > (http://www.mozilla.org/projects/security/components/signed-scripts.ht...), > the following : > > "The major difference in signing scripts between 4.x and Mozilla is that in > Mozilla, the entire page must be signed, as opposed to only the script > running on the page. For any script to be granted expanded privileges, all > scripts on or included by an HTML page must be signed." > > If I understand this correctly, I have to include HTML pages that call > Javascript functions into the signed JAR. > But as I don't use HTML, but JSP pages, how can I proceed ? > > Thanks for any help. > > PS : Today, when calling a JavaScript function located in a jar, from a JSP, > I have the following error : > Erreur : [Exception... "'Permission refusée d'obtenir la propriété > UnnamedClass.classes' when calling method: > [nsIDOMEventListener::handleEvent]" nsresult: "0x8057001e > (NS_ERROR_XPC_JS_THREW_STRING)" location: "<unknown>" data: no] > > PS2 : Or maybe is there another way to do what I have to... > > - From one Firefox tab, I have to be able to get an instance of another > firefox tab containing a window with a given name (name given by the > "target" property of the link that opened it). > - Then I have to call javascript functions contained in this tab. > - I have to be able to give focus to this tab => In firefox 2.0.0.8, > function "focus()" can give focus to a another window, but not to another > tab. > - I have to be able to close a window that wasn't opened with the > window.open() function => Not allowed with default rights. > > I saw that we may define policies, but examples show how to reduce rights. > Is it possible also to give more rights, such as those that are granted with > "netscape.security.PrivilegeManager.enablePrivilege" function ? > > Thanks in advance. > -- > View this message in > context:http://www.nabble.com/Use-signed-scripts-in-JSP-pages-tf4728173.html#... > Sent from the Mozilla - Security mailing list archive at Nabble.com. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
