Boris Zbarsky a écrit :
Marine wrote:
The webpage have to be able to expose some values/parameters to the
extension.
So I tried to add properties to button, to document or to window
objects, in my webpage.
The problem is that reading those from chrome would be exploitable (by
the web
Boris Zbarsky a écrit :
> Marine wrote:
>
>> The webpage have to be able to expose some values/parameters to the
>> extension.
>> So I tried to add properties to button, to document or to window
>> objects, in my webpage.
>>
>
> The problem is that reading those from chrome would be explo
Marine wrote:
> The webpage have to be able to expose some values/parameters to the
> extension.
> So I tried to add properties to button, to document or to window
> objects, in my webpage.
The problem is that reading those from chrome would be exploitable (by
the webpage).
You can do it if yo
Marine a écrit :
> Jonas Sicking a écrit :
>> Marine wrote:
>>
>>> Boris Zbarsky a écrit :
>>>
Marine wrote:
> However, I don't see how to put all the code in a signed jar, as
> JSP will generate HTML code dynamically for each client request.
>
Is
Jonas Sicking a écrit :
> Marine wrote:
>
>> Boris Zbarsky a écrit :
>>
>>> Marine wrote:
>>>
>>>
However, I don't see how to put all the code in a signed jar, as JSP
will generate HTML code dynamically for each client request.
>>> Is it possible to dynam
Marine wrote:
> Boris Zbarsky a écrit :
>> Marine wrote:
>>
>>> However, I don't see how to put all the code in a signed jar, as JSP
>>> will generate HTML code dynamically for each client request.
>>
>> Is it possible to dynamically generate the signed jar? Or move the
>> logic from server
Boris Zbarsky a écrit :
Marine wrote:
However, I don't see how to put all the code in a signed jar, as JSP
will generate HTML code dynamically for each client request.
Is it possible to dynamically generate the signed jar? Or move the
logic from server to client?
Marine wrote:
> However, I don't see how to put all the code in a signed jar, as JSP
> will generate HTML code dynamically for each client request.
Is it possible to dynamically generate the signed jar? Or move the
logic from server to client?
I don't claim this is easy to do, basically. The
Thanks a lot for your reply, Boris !
However, I don't see how to put all the code in a signed jar, as JSP
will generate HTML code dynamically for each client request.
Maybe someone know if this is possible, and how ?
Otherwise, I will have to write an extension, as you suggested, but I
would
Marine wrote:
>
> width="0px" height="0px" name="jsUtilsAvecPrivileges">
>
...
> I wonder if this could be due to vulnerability correction in Firefox
> 2.0.0.15 : http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
Yes. What you were doing before was exploitable.
> ==> But now, h
Hi,
A few months ago, I posted this message :
http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/d95d4d9d82959739/da0875e5639698c2?lnk=gst&q=signed+jar#da0875e5639698c2
I wanted to call JavaScript methods that require special Firefox
privileges from a JSP page
I finally su
11 matches
Mail list logo