Move JSON preferences into readable UI and integrate site preferences into about:permissions (was "options panel") #8
Comments
|
Hi Eamon, Firstly, I recommend upgrading Firefox to 18, as it is now available as a regular release (and I don't know whether the latest version still works with FF17, though I do know it works with FF18-21a1). Secondly, you really should ensure you are using the latest version of AsYouWish too, for security reasons as well as bug fixes. For this, normally I recommend using the version at https://addons.mozilla.org/en-US/firefox/addon/as-you-wish/ , but since that copy is a little behind as I wait for their preliminary approval and I know the development version should be working, I'd recommend installing the one from https://raw.github.com/brettz9/asyouwish/master/asyouwish.xpi . It is a restartless addon so not very hard to reinstall. :) Good to hear your file code was working. |
|
Brett,you'll be pleased to know that after a lot of fiddling around I seemed to have fixed a problem concerning the "Whitelisted privileges" list. Here's what I did: I upgraded to ff18 and AYW0.5.2 That wasn't the issue though. The "Whitelisted privileges:" box in the GUI panel was still empty. In the "Whitelisted priviliges" field from the FF addons options interface (which is a very tedious way of describing something, so from now on I'm calling it the OTHER - as opposed to the GUI panel), I entered various stuff like ["chrome"],["chrome","sdk/io/file"], and ["file"] - stabs in the dark as it turned out. These didn't have any effect on the "Whitelisted Privileges" box - it was still empty. I was still getting an error message on all my previously OK functions: Finally I looked at my prefs.js file in my FF profiles folder. In prefs.js I had: user_pref("extensions.jid1-9Ddk7IgYYaBCAw@jetpack.whitelistedPrivileges", "[' ' sdk/io/file"]"); Those 2 single quote marks were the giveaway. I'd obviously entered wrong stuff into the Whitelisted privileges field. I changed this to: user_pref("extensions.jid1-9Ddk7IgYYaBCAw@jetpack.whitelistedPrivileges", "["sdk/io/file"]"); Voila, the "Whitelisted privileges:" box in the GUI panel was now populated with the full list of privileges. All my AYW functions then worked! So there's clearly a problem when a user types something malformed into the OTHER whitelist field. I figured out that by checking the "Enforce privilege whitelist" checkbox, the list becomes active (editable) in the sense that clicking on an item puts it into the whitelist field in the "OTHER" . This seems to be the only safe way to make the list editable on an item-by-item basis. Entering the item(s) manually is error-prone and led to my problems. In your OTHER interface, you present the user with a blank field, and this directive for field entry: "Array (as string) .." That's not very newbie-friendly, and makes for buggy input. What exactly does a user type in: file, [file], ["file"], ["file"] etc etc. (Experts would have no problem, but who's an expert, really, these days?) Error-checking this field input, combined with more explicit instructions or examples might be one option. But better would be only allowing input via selecting items from the complete list as presented in the GUI box. That's fool-proof. Hope that helps with your great project. |
|
Just came across this again--during AMO's review of my add-on (which I incidentally won't be able to put onto AMO, it appears, given their opposition to anything on AMO escalating privileges in such a manner) they also suggested avoiding the JSON-based preferences and also integrating with about:permissions. I have changed the title of your issue accordingly as I do hope to get to this at some point. |
|
Thanks Brett, I still use your program AYW for file i/o in my word processor "xthdraft" on Firefox. It's awesome. Eamon Byrne. Reopened #8. — |
|
Great to hear, Eamon! Is your code something you can share, or might it be a commercial project at some point? FYI, not sure if you had seen but, with https://github.com/brettz9/webappfind you can open a file from your desktop (currently Windows only) into a web app in the browser. While you could open into an AsYouWish app as well, part of the selling point of WAF is that WAF won't escalate privileges beyond file reading or writing for that single file that was sent to the browser/app... Btw, if you care to submit a review for AsYouWish at https://addons.mozilla.org/en-US/firefox/addon/as-you-wish/ , it may bolster our case that this is something useful. As per a conversation posted at #9 (comment) , Mozilla isn't persuaded given the few number of downloads so far that the complexity for review of AsYouWish is worth being reviewed in a more timely manner (of course, that is probably because the downloads will only increase to the extent that other developers will take up using AsYouWish, and developers may be hesitant to use it if it is not given a stamp of approval of being dependable). |
… JSON-based options ("allowedProtocols", "allowedWebsitesApproved", "addonWebsites", "whitelistedPrivileges") from the about:addon options dialog; these prefs remain controllable in the AsYouWish add-on bar dialog so better to use this less error-prone UI anyways
… JSON-based options ("allowedProtocols", "allowedWebsitesApproved", "addonWebsites", "whitelistedPrivileges") from the about:addon options dialog; these prefs remain controllable in the AsYouWish add-on bar dialog so better to use this less error-prone UI anyways
|
Hi Eamon, In the latest version (1.3.0), as per our discussion and an add-on reviewer's comment, I've hidden the JSON-based options from the about:addons options dialog: "Allowed protocols", "Allowed websites", "Allowed and approved websites", "Addon websites", and "Whitelisted privileges" to avoid the chance for user error and confusion. The AsYouWish add-on bar dialog can still control these options visually. (Thankfully I eventually discovered it was easy as adding "hidden" to each of these attributes in the package.json file.) As far as the add-on reviewer point about me integrating the permissions into about:permissions, besides that there is no apparent API (or at least not a documented one that I could find) for adding one's own custom items to this dialog (and overlaying XUL would be unpleasant to say the least, requiring moving away from the (restartless-out-of-the-box) SDK, and be potentially fragile), more importantly, for security reasons, I think it is better to stick with page-specific preferences instead of domain-specific ones. Imagine that you add your own AYW app, let's say on file://, and give it a number of privileges. You don't want to later open some other HTML file stored on file:// (such as one by a third-party) which can then do malicious things on your machine. I will therefore close this issue for now, but reopen as necessary (e.g., if Mozilla provides a page-specific permissions dialog). Feel free to keep commenting here though. |
|
(And this version I mention is till now only available on trunk because I am afraid that updating would put me back in the queue and lengthen the already long (9 month long!) wait for the add-on's first preliminary approval.) |
|
Sorry, I have now updated to 3.0.0 which includes an i18n fix for the version I mentioned, v. 1.3.1 (and API changes to match deprecation of old form of match-pattern and removal of sdk/addon-page) |
|
Hi Brett, My word processor which uses your addon AYW is a very full featured program which has some unique features, such as auto tense changing (no other WP that I know of does this). I'll try to finalise this program this year to get it to some sort of marketability. ----- Original Message ----- Sorry, I have now updated to 3.0.0 which includes an i18n fix for the version I mentioned, v. 1.3.1 (and API changes to match deprecation of old form of match-pattern and removal of sdk/addon-page) — |
Hi Brett,
I've been working with AYW for the past week or so, and have all my file i/o functions for my program working fine under ff17
But today, they suddenly stopped working, and I noticed that the options panel is blank!
There doesn't seem to be any obvious way of repopulating this panel, or altering it for that matter, from either your GUI interface or the other one using ff addon options button.
Without searching through your code base, is there a quick fix to this?
Maybe I have to reinstall the extension?
Eamon (aka xthdraft)
The text was updated successfully, but these errors were encountered: