Enabling a web page to launch an extension
-
Robert S.
- Posts: 4399
- Joined: April 24th, 2004, 3:04 am
- Location: Bay Area, CA
Enabling a web page to launch an extension
I have received several requests for the ability to launch spellbound from a button on a web page. This seems simple enough with an event listener and I am curious if anyone has any advice as to possible issues that adding this functionality may cause besides the event handler bug (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=174320">bug 174320</a>) especially if there are any potential security issues that can't be dealt with by having a tight interface. Thanks.
-
oldtimer
- Posts: 827
- Joined: July 9th, 2004, 1:48 pm
If it helps any, I've seen sites use serve.asp pages to install extensions. In fact, I just visited one today that did what I'm proposing. Name of extension slipped off my tongue, though.
Let me know though if hearing about it is not enough and I'll direct you to their homepage... once I get a chance to find it again.
Of course, this is all assuming you haven't figured out the problem yourself by now.
[I know your intellect so I had to ask ]
You've helped me so many times I only felt it was due until I did the same for you.
Let me know though if hearing about it is not enough and I'll direct you to their homepage... once I get a chance to find it again.
Of course, this is all assuming you haven't figured out the problem yourself by now.
[I know your intellect so I had to ask ]
You've helped me so many times I only felt it was due until I did the same for you.
Current: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b2pre) Gecko/2007112000 Minefield/3.0b2pre
For kicks: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
For kicks: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
-
oldtimer
- Posts: 827
- Joined: July 9th, 2004, 1:48 pm
Oh! That's what I thought you originally said. But I was like: What?! That's impossible!
So, you're saying using a install-free extension? Like a test drive to see it if you like it? Or, only use it when you need it without the clutter?
If that's what you're saying I dunna know. But I do know Moonwolf had a workaround for the Event listener bug you're describing [specifically in his EM Buttons extension]. Consider contacting him.
Hoping this time was a little closer at providing some help.
2 minutes later: Ah, I understand. But after a little more thought - It's a spellchecker so it wouldn't be that quite impossible as with any other extension that comes to mind. Seeing as you'll be hosting the dictionary check files yourself [cause extensions need files to run] and people who are in need of quick spellcheck can do so.
So, you're saying using a install-free extension? Like a test drive to see it if you like it? Or, only use it when you need it without the clutter?
If that's what you're saying I dunna know. But I do know Moonwolf had a workaround for the Event listener bug you're describing [specifically in his EM Buttons extension]. Consider contacting him.
Hoping this time was a little closer at providing some help.
2 minutes later: Ah, I understand. But after a little more thought - It's a spellchecker so it wouldn't be that quite impossible as with any other extension that comes to mind. Seeing as you'll be hosting the dictionary check files yourself [cause extensions need files to run] and people who are in need of quick spellcheck can do so.
Current: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b2pre) Gecko/2007112000 Minefield/3.0b2pre
For kicks: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
For kicks: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
-
jensb
- Posts: 544
- Joined: April 23rd, 2003, 12:42 pm
- Location: Germany
- Contact:
oldtimer, the question is about providing a button that activates an extension that was already installed.
Possible security holes are introduced when you take strings from the web page and directly eval() them - in the chrome context, JS pieces can do pretty evil things. If you just use something like "launch" without taking any code to execute, the risk should be low.
Possible security holes are introduced when you take strings from the web page and directly eval() them - in the chrome context, JS pieces can do pretty evil things. If you just use something like "launch" without taking any code to execute, the risk should be low.