In a previous post (http://groups.google.com/group/
mozilla.dev.security/browse_thread/thread/9f013669bfa63b54) I asked
about bypassing firefox security to use the 'alwaysLowered' window
feature in javascript.
On Linux, using firefox 3.0.1, I have succeeded in creating a signed
script and when I open a window with 'alwaysLowered' set, it does not
seem to do what I want. I am trying to open a smaller window in the
upper-left hand corner of the screen, and then opening two larger
windows underneath it. Here is the script, in a nutshell:
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite");
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
netscape.security.PrivilegeManager.enablePrivilege("CanvasAccess");
var inset_features =
"chrome=yes,top=0,left=1,width=500,height=200,dependent=yes,menubar=no"
+ ",location=no,resizable=no,scrollbars=no,"
+ "status=no,modal=no";
var inset_win = window.open("http://localhost/test1.jpg";, "tv",
tv_features);
var full_features =
"top=0,left=1,width=1024,height=500,dependent=yes,menubar=no"
+ ",location=no,resizable=no,scrollbars=no,"
+ "status=no,modal=no,alwaysLowered=1";
// above enablePrivilege calls here
var full_win = inset_win.open("http://localhost/test3.jpg";, "full",
full_features);
// above enablePrivilege calls here
var full_winII = inset_win.open("http://localhost/test2.jpg";,
"full_II", full_features);
To get the signed script, I do this:
% certutil -N -d db
% signtool -G LBannerCert -d db -p mycert
% ln -s x509.cacert x509.cert
In firefox, go to Edit->Preferences, Advanced->View Certificates-
>Authorities
and press Import, click on the x509.cert.
I create my jar thus:
% signtool -k LBannerCert -d db -p mycert -X -Z wtest.jar wtest
I put my jar in the root of my web server, I have restarted it after
putting this in the config file:
AddType application/java-archive .jar
and go to this URL:
jar:http://localhost/wtest.jar!/wtest.html
I get the windows opening, but I do not get the larger windows opening
underneath the smaller one. I have built firefox from source and seen
that the lowered attribute seems to be set on the windows.
Any ideas what I'm doing wrong? Have I completely misunderstood
alwaysLowered?
Thanks.
Bill
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
![http://localhost/test1.jpg"](http://localhost/test1.jpg"){kind=link}
![http://localhost/test3.jpg"](http://localhost/test3.jpg"){kind=link}
![http://localhost/test2.jpg"](http://localhost/test2.jpg"){kind=link}