Posted by VK on 12/10/06 18:07
> > Yes, within the spelled conditions it is perfectly possible for
> > mainstream browsers.
> > <http://groups.google.com/group/comp.lang.javascript/msg/9f1953d6e73c6821>
> No it won't. Not in modern Gecko... Have you tried it?
If course I did: this script is destributed for over one year by now.
But obviously you didn't try it: instead you're just making a blind
assumption "it cannot be because it never can be".
> Anyway it is a bad, bad, very bad idea...
Can you PLEASE finally read the OP's request AND the script comments?
It does *not* work (will be blocked by security manager) withing the
default security environment. If you come to some http://www.foo.bar it
will not work (unless your UA is badly borken).
If you open the page from the local drive it does work (you are in the
relaxed security environment).
If you sign the script with a valid certificate it does work (if Yes on
prompt) from any server.
If you add http://www.foo.bar into trusted site list, it does work as
well.
P.S. Before talking about Internet security matters it is a very good
idea to learn these matters first - IMO.
[Back to original message]
|