Per-File Permissions
Mitch Stoltz
This page describes how to configure privileges for individual files.
Normally, permissions are granted to all pages from a particular host (or all pages signed by a particular certificate) as a bloc. When a script requests privileges, and no preference has been set by the user for that host or certificate, the "grant/deny" dialog is presented, and the user's decision applies to all files with that host/certificate.
A shortcoming of this model is that the local filesystem (everything accessed through the file:// protocol) is treated as a single security domain: privileges granted to one page on the local filesystem apply to every local page, which is potentially insecure. Per-File Permissions allow privileges to be granted to individual files.
user_pref("capability.principal.myapp.id", "file:///C|/Programs/Webapp/index.html");
user_pref("capability.principal.myapp.granted", "UniversalXPConnect");
These lines will grant XPConnect access to index.html and no other file. The word myapp above can be replaced with any unique identifier for your application, as long as both lines have the same identifier. To state the syntax a little more generally:
user_pref("capability.principal.<group name>.id", "<Space-separated list of absolute URLs.>");
user_pref("capability.principal.<group name>.<granted|denied>", "<privilege name>");
where <group name> is any alphanumeric identifier and <privilege name> is UniversalXPConnect or any other privilege string representing the extended functionality your script needs. See the Signed Script Policy documentation for more information about privileges.
This mechanism is not cross-platform. Obviously, the URL in the example above would need to be changed for every platform, and also must be changed if the file is moved. A way to specify relative links would be better.
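As an added example (not part of the original page or of Mozilla's code), the following Python script audits a prefs file for the capability.principal entries described above: it pairs each group's .id line with its granted/denied line and reports groups that are incomplete or whose URLs are not absolute. The sample prefs text and the group names tools and orphan are constructed, and treating the privilege value as a space-separated list is an assumption.

```python
import re

# Matches the two pref forms given on this page:
#   capability.principal.<group name>.id
#   capability.principal.<group name>.<granted|denied>
PREF_RE = re.compile(
    r'user_pref\(\s*"capability\.principal\.([A-Za-z0-9]+)\.(id|granted|denied)"\s*,'
    r'\s*"([^"]*)"\s*\)\s*;'
)
# An absolute URL starts with a scheme followed by "://", e.g. file:///C|/...
ABSOLUTE_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')

# Constructed sample: one complete group and two incomplete ones.
SAMPLE = '''
user_pref("capability.principal.myapp.id", "file:///C|/Programs/Webapp/index.html");
user_pref("capability.principal.myapp.granted", "UniversalXPConnect");
user_pref("capability.principal.tools.id", "Webapp/tools.html");
user_pref("capability.principal.orphan.granted", "UniversalXPConnect");
'''

def audit_principals(prefs_text):
    """Return {group: {"urls", "granted", "denied", "issues"}} for a prefs file."""
    groups = {}
    for name, field, value in PREF_RE.findall(prefs_text):
        g = groups.setdefault(
            name, {"urls": [], "granted": [], "denied": [], "issues": []})
        # The .id value is a space-separated URL list; the privilege value is
        # split the same way (assumption, the page shows a single privilege).
        g["urls" if field == "id" else field].extend(value.split())
    for g in groups.values():
        if not g["urls"]:
            g["issues"].append("privilege line without a matching .id line")
        if not (g["granted"] or g["denied"]):
            g["issues"].append(".id line without a granted/denied line")
        for url in g["urls"]:
            if not ABSOLUTE_RE.match(url):
                g["issues"].append("not an absolute URL: " + url)
    return groups

if __name__ == "__main__":
    for name, g in sorted(audit_principals(SAMPLE).items()):
        print(name, "urls:", g["urls"], "granted:", g["granted"],
              "denied:", g["denied"])
        for issue in g["issues"]:
            print("  !", issue)
```

Reviewing the output shows exactly which local files hold elevated privileges, which is the list to re-check whenever a file is moved or a profile is copied to another platform.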