On 3/22/11 7:47 AM, pike wrote: > In an installation that uses firefox, I need to embed videofiles that > are located on the local hard disk into webpages that are served by a > remote machine.
Browsers and plugins don't allow web content to reference local files for security reasons (as you surmised). What is your scenario? A user has a bunch of locally-saved video and browses to your web site in order to view them? Seems unusual given that all platforms ship with capable video viewers these days. Couple of things about enablePrivilege. 1) combine them -- each call brings up a dialog. There's no reason you can't request all the privs you need in one call with a space-separated list. 2) UniversalXPConnect is overkill, a superset of the other privs you're asking for. It's equivalent to installing software, and if you're going there then just install software. 3) You should be able to get what you want with a single "UniversalFileRead" permission and have the user remember it for themselves. Don't mess with capability prefs! All of the above is trumped by us removing support for enablePrivilege entirely as an unnecessary, unsafe, vendor-specific feature. Since the code you're writing is already Mozilla-specific there's no reason not to go ahead and write an add-on and have users install that. Use the add-on builder SDK and produce restartless addons and there's really no difference between the user agreeing to the install and agreeing to a scary enablePrivilege dialog. How important is it that this happen on your site, as opposed to being a feature for users? The add-on could detect it's your site and replace some placeholder content with the video link for you. https://developer.mozilla.org/en/building_an_extension https://addons.mozilla.org/en-US/developers/tools/builder -Dan Veditz _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security