(Security suggestion) |
Robcoblurn (talk | contribs) m (Scripting Usage) |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 2: | Line 2: | ||
I would like to suggest that webapp bundles support multiple security levels. I think that it's essential that we retain the ability to have system-level access from webapp javascript, however, that should not be the default mode. Perhaps a security sandbox could be turned on by default but overridden for certain bundles (with user's explicit permission, not by way of a click-through dialog that users would tend ignore) | I would like to suggest that webapp bundles support multiple security levels. I think that it's essential that we retain the ability to have system-level access from webapp javascript, however, that should not be the default mode. Perhaps a security sandbox could be turned on by default but overridden for certain bundles (with user's explicit permission, not by way of a click-through dialog that users would tend ignore) | ||
---- | ---- | ||
tylermenezes: The example method won't work in Prism 0.9, im my code or even in a blank webapp.js. Error is "missing : after property ID", on void log(aMsg); I can't do getBrowser() by itself, either. Maybe I'm doing something wrong, I'm new to this. | |||
== Scripting Usage == | |||
The scripting is a bit confusing. We could use some examples. XUL documentation is out there, but it's not very easy to jump into. Here's some examples using gmail - doesn't do much, but helps you get the idea. | |||
/* webapp.js */ | |||
/*global host*/ | |||
//Get things started | |||
function startup () { | |||
//Only Works if sidebar is on | |||
host.sidebar.add(null, "http://talkgadget.google.com/talkgadget/popout"); | |||
host.sidebar.visible = true; | |||
//Lots of the same command | |||
//host.getBrowser().goHome(); | |||
//host.getBrowser().loadURI(host.getBrowser().homePage); | |||
//host.getBrowser().loadURI('http://mail.google.com/mail/'); | |||
var aImage = host.getResource("gmail.ico"); | |||
var aTitle = "Gmail says"; | |||
//Can't actually get contentDocument.title yet, because document hasn't loaded yet - but it won't break anything | |||
var aMessage = host.getBrowser().contentDocument.title; | |||
host.showAlert(aImage, aTitle, aMessage); | |||
} | |||
function shutdown () { | |||
//If you need to clear up anything | |||
var aImage = host.getResource("gmail.ico"); | |||
var aTitle = "Gmail says"; | |||
var aMessage = host.getBrowser().contentDocument.title; | |||
host.showAlert(aImage, aTitle, aMessage); | |||
} | |||
function dropFiles (uris) { | |||
} | |||
Latest revision as of 17:31, 23 April 2008
20after4 09:32, 10 November 2007 (PST) : I would like to suggest that webapp bundles support multiple security levels. I think that it's essential that we retain the ability to have system-level access from webapp javascript, however, that should not be the default mode. Perhaps a security sandbox could be turned on by default but overridden for certain bundles (with user's explicit permission, not by way of a click-through dialog that users would tend ignore)
tylermenezes: The example method won't work in Prism 0.9, im my code or even in a blank webapp.js. Error is "missing : after property ID", on void log(aMsg); I can't do getBrowser() by itself, either. Maybe I'm doing something wrong, I'm new to this.
Scripting Usage
The scripting is a bit confusing. We could use some examples. XUL documentation is out there, but it's not very easy to jump into. Here's some examples using gmail - doesn't do much, but helps you get the idea.
/* webapp.js */
/*global host*/
//Get things started
function startup () {
//Only Works if sidebar is on
host.sidebar.add(null, "http://talkgadget.google.com/talkgadget/popout");
host.sidebar.visible = true;
//Lots of the same command
//host.getBrowser().goHome();
//host.getBrowser().loadURI(host.getBrowser().homePage);
//host.getBrowser().loadURI('http://mail.google.com/mail/');
var aImage = host.getResource("gmail.ico");
var aTitle = "Gmail says";
//Can't actually get contentDocument.title yet, because document hasn't loaded yet - but it won't break anything
var aMessage = host.getBrowser().contentDocument.title;
host.showAlert(aImage, aTitle, aMessage);
}
function shutdown () {
//If you need to clear up anything
var aImage = host.getResource("gmail.ico");
var aTitle = "Gmail says";
var aMessage = host.getBrowser().contentDocument.title;
host.showAlert(aImage, aTitle, aMessage);
}
function dropFiles (uris) {
}