12.7. Expanded Privileges in Mozilla

While the security aspect of signed objects is nice, the ability to make remote JavaScript do just about anything is even better for web developers because it avoids the perceived complexity of languages like C++. Also, JavaScript, along with Perl and PHP, has always been a preferred language in the web environment.

Knowing that Internet Explorer no longer has a huge advantage when it comes to remote browser-based applications is also nice, since JavaScript and XPCOM in Mozilla provide a framework very similar to ActiveX. They also provide web page scripting in which you can create and use components from a web page or web application.

Table 12-1 shows the expanded privileges available to signed scripts. Signed applications are granted these privileges as a matter of course.

Table 12-1. Expanded privileges available to signed scripts




Reads sensitive browser data. This reading allows the script to pass the same origin check when reading from any document.


Modifies sensitive browser data. This modification allows the script to pass the same origin check when writing to any document.


Gives unrestricted access to browser APIs using XPConnect.


Reads preferences using the navigator.preference method.


Allows you to set preferences using the navigator.preference method.


Allows you to read/set the preferences that define security policies, including which privileges are granted and denied to scripts. (You also need UniversalPreferencesRead/Write.)


Handles window.open of file:// URLs. Makes the browser upload files from the user's hard drive by using <input type="file">.

The JavaScript features require expanded privileges and the target used to access each feature. Unsigned scripts cannot do the following:

Table 12-2. Expanded privileges available to signed scripts

Method / property



Captures events in pages loaded from different servers. Follow this method with captureEvents.


Unconditionally closes a browser window.

moveBy, moveTo

Moves a window off of the screen.


  • Creates a window smaller than 100 x 100 pixels or larger than the screen can accommodate by using innerWidth, innerHeight, outerWidth, and outerHeight.

  • Places a window offscreen by using screenX and screenY.

  • Creates a window without a titlebar by using titlebar=no.

  • Uses alwaysRaised, alwaysLowered, or z-lock for any setting.

resizeTo, resizeBy

Resizes a window smaller than 100 x 100 pixels or larger than the screen can accommodate.

innerWidth, innerHeight

Sets the inner width of a window to a size smaller than 100 x 100 or larger than the screen can accommodate.

This snippet of code shows how to use the privilege manager in JavaScript:


You can pass any privilege listed in Table 12-1 to the enablePrivilege method, which is accessed through the netscape.security.PrivilegeManager object. This object is recognized globally. In this example, the code hides the titlebar via the window object.

Security is extremely important, so it is important that some means of granting special privileges to trusted scripts for accessing Mozilla components be available. In essence, signed scripts are Mozilla's version of ActiveX.

The parallels become even more apparent when you consider access to XPConnect as one of the security model's main boundaries. Just as ActiveX makes COM available in IE, signing makes XPCOM available in remote Mozilla applications. Given all that is possible in XPCOM, this chapter leaves what can be archived with remote Mozilla applications and XPConnect up to your imagination.