The simplest and most drastic change would be to open up mozilla/caps/src/nsScriptSecurityManager, and make the CheckPropertyAccessImpl function a no-op that always returns true. That will essentially disable all security and create a browser that's totally unsafe to be used on the public Internet.
Or, you could make a more specific change. Try adding these lines to defaults/pref/all.js: pref("signed.applets.codebase_principal_support", true); pref("capability.principal.codebase.foo.id", "http://foo.com http://bar.com"); pref("capability.principal.codebase.foo.granted", "UniversalBrowserRead UniversalBrowserWrite"); Replace "http://foo.com http://bar.com" with a space-separated list of the hosts to which your Mozilla-based tool needs to connect. Hope this helps, -Mitch hocus wrote: > Hi! > > I need to tailor mozilla as a special-purpose tool. I want to disable > security checks related to javascript and page source domain. > I suppose it has something to do with "principals", but so far I haven't > succeeded in finding the correct place in source code to disable it. I would > be very thankful if someone could tell me, what exactly I should change, to > make possible using javascript on documents loaded into frames/iframes, > originating from different domain than the base page. > > TIA > Hocus > >