Hi! At the beginning - thank you for reply, that is what I was looking for. What I exactly need is to grant full privileges to one domain - my domain with my scripts which I guarantee to my customers will not do anything more than they are supposed to. I know, that solution is still far from secure in case someone would spoof somehow my domain, but for my purpose I think it is acceptable danger ;) Anyway, I was thinking if this pref("...") stuff wouldn't do what I need, unfortunately when I add the last of the lines (*.granted), the browser does not start properly (tested on two recent source snapshots). So I went back to modifying source code. In CheckPropertyAccessImpl function - is there an easy way to extract the base url of the script requesting access to properties? So I could just explicitly compare it with my domain name. It is probably not to hard to find it out, but as I didn't have much time recently to delve into source, if you just know exactly how to do that I'd be very obliged :-)
Regards Hocus > The simplest and most drastic change would be to open up > mozilla/caps/src/nsScriptSecurityManager, and make the > CheckPropertyAccessImpl function a no-op that always returns true. That > will essentially disable all security and create a browser that's > totally unsafe to be used on the public Internet. > > Or, you could make a more specific change. Try adding these lines to > defaults/pref/all.js: > > pref("signed.applets.codebase_principal_support", true); > pref("capability.principal.codebase.foo.id", "http://foo.com > http://bar.com"); > pref("capability.principal.codebase.foo.granted", "UniversalBrowserRead > UniversalBrowserWrite"); > > Replace "http://foo.com http://bar.com" with a space-separated list of > the hosts to which your Mozilla-based tool needs to connect.