The simplest and most drastic change would be to open up
mozilla/caps/src/nsScriptSecurityManager, and make the
CheckPropertyAccessImpl function a no-op that always returns true. That
will essentially disable all security and create a browser that's
totally unsafe to be used on the public Internet.
Or, you could make a more specific change. Try adding these lines to
defaults/pref/all.js:
pref("signed.applets.codebase_principal_support", true);
pref("capability.principal.codebase.foo.id", "http://foo.com
http://bar.com";);
pref("capability.principal.codebase.foo.granted", "UniversalBrowserRead
UniversalBrowserWrite");
Replace "http://foo.com http://bar.com"; with a space-separated list of
the hosts to which your Mozilla-based tool needs to connect.
Hope this helps,
-Mitch
hocus wrote:
> Hi!
>
> I need to tailor mozilla as a special-purpose tool. I want to disable
> security checks related to javascript and page source domain.
> I suppose it has something to do with "principals", but so far I haven't
> succeeded in finding the correct place in source code to disable it. I would
> be very thankful if someone could tell me, what exactly I should change, to
> make possible using javascript on documents loaded into frames/iframes,
> originating from different domain than the base page.
>
> TIA
> Hocus
>
>
