DWR
 » 
DWR - Dev

 « Return to Thread: Dwr in remote Xul web applications

Re: Dwr in remote Xul web applications

by Joe Walker-3 :: Rate this Message:

Reply to Author | View in Thread


Bizarrely just a couple of days ago I was investigating a Firefox plugin that did come work with cookies - I was enumerating over *all* the cookies stored by the browser with exactly the same code that you are using. I guess there is more than one nsICookieManager2?? One for Chrome apps that gives you scarey powers and one for remote XUL apps that looks like the Chrome thing but in reality is only as powerful as the browser one.

If this is right then my only objection is about code bloat and testing.

If you can help me with testing - then I'll add it in.

Please could you create a very very very small remote xul app that simply opens a new xul window, with as little decoration as possible, which automatically onload fires of a call to a hypothetical DWR method something like this:

function callOnLoad() {
  // This is a DWR method cal
  Test.doNothing(function(data) {
    dump(data);
    window.close(); // or whatever you have to do
  });
}

Thanks,

Joe.

On Sun, Sep 14, 2008 at 3:10 PM, S.Pérès-Labourdette <sperlab@...> wrote:

Hi.

This is the point. I'm doing remote xul, not a chrome-like kind of firefox
extension

Thanks to mozilla's design there is no need to wonder about your concerns.

I'm not an xpcom expert, but when i was first concerned with security when
designing my first remote xul app, the first thing i learned is that
"chrome" vs "remote xul" is just like god vs evil.

Enabling security in remote xul app rely on firefox profile settings you
can't tweak remotely such as :
 - signed.applets.codebase_principal_support
 - security.xpconnect.plugin.unrestricted
 ......

Also, most of xpcom components access is just forbidden in a "remote xul"
app.

As far as i'm concerned, Direct Web "Remoting" is useful for "remote" apps
and "remote" xul is definitely not chrome.

What is your point ?



Joe Walker-3 wrote:
>
> Thanks for the submission.
> I'm nervous about adding this to engine.js for 2 reasons:
> - I want to keep it as small as possible - ideally much smaller than it is
> now.
> - I'm concerned about the security implications of what you're doing. Is
> it
> safe to download remote scripts for execution in a chrome context?
>
> Joe.
>
> On Thu, Sep 11, 2008 at 11:48 AM, S.Pérès-Labourdette
> <sperlab@...>wrote:
>
>>
>> I've just packaged a new release of my portal web app including latest
>> 2.0.5
>> release of Dwr.
>> It just runs perfectly and very fast with jawr integration.
>>
>> I would like to point out engine.js changes i've done to make dwr working
>> into a Mozilla remote Xul context so maybe someone could include it in
>> future releases, because i think this would be great.
>>
>> The only 'blocking' issue i found is in the dwr.engine._getJSessionId
>> member
>> which i rewrote like that
>>
>> ......
>> /** @private What is our session id? */
>> dwr.engine._getJSessionId =  function() {
>>        if (typeof document.cookie == 'undefined') { // not in a classic
>> html
>> context so guessing xul
>>
>>
>> netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
>>                var cookieManager =
>> Components.classes["@mozilla.org/cookiemanager;1
>> "].getService(Components.interfaces.nsICookieManager2);
>>                var iter = cookieManager.enumerator;
>>                while (iter.hasMoreElements()) {
>>                        var cookie = iter.getNext();
>>                        if (cookie instanceof
>> Components.interfaces.nsICookie) {
>>                                if (cookie.name ==
>> dwr.engine._sessionCookieName)
>>                                        return cookie.value;
>>                        }
>>                }
>>        }
>>        else {
>>                var cookies = document.cookie.split(';');
>>                for (var i = 0; i < cookies.length; i++) {
>>                        var cookie = cookies[i];
>>                        while (cookie.charAt(0) == ' ')
>>                                cookie = cookie.substring(1,
>> cookie.length);
>>                        if (cookie.indexOf(dwr.engine._sessionCookieName +
>> "=") == 0) {
>>                                return
>> cookie.substring(dwr.engine._sessionCookieName.length + 1,
>> cookie.length);
>>                        }
>>                }
>>        }
>>        return "";
>> }
>> .........
>>
>>
>> Regards,
>> S.PERES-LABOURDETTE
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Dwr-in-remote-Xul-web-applications-tp19432203p19432203.html
>> Sent from the DWR - Dev mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@...
>> For additional commands, e-mail: dev-help@...
>>
>>
>
>

--
View this message in context: http://www.nabble.com/Dwr-in-remote-Xul-web-applications-tp19432203p19480676.html
Sent from the DWR - Dev mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...


 « Return to Thread: Dwr in remote Xul web applications

Free embeddable forum powered by Nabble Forum Help