Enabling cross-site scripting (AJAX/XMLHttpRequest) for file:// URLs in Firefox

While working on a Songbird extension, I found myself needing to debug some AJAX code. Songbird is built on the Mozilla application framework, and I haven’t yet figured out how to do this kind of debugging directly in the application, so I just ripped out the relevant code and put it into a tst.html file so I could debug it with Firebug in Firefox.

Of course, opening the file in Firefox using a file:// URL, the XMLHttpRequest falls foul of cross-scripting browser security measures, so the search was on for the magic bit of about:config that would allow it. I didn’t find it, but I did find this bit of Firefox Javascript voodoo:

netscape.security.PrivilegeManager.enablePrivilege(“UniversalXPConnect”);

Put this in your page, and it’ll pop up a window asking you whether to allow XSS for the page. It has a checkbox to remember your choice, so it only prompts you the first time. Perfect!

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: