I'm developing a Firefox plugin using XPCOM, I开发者_开发知识库've not yet read all the docs, but as far as I can see, A plugin is simply a DLL that provides services via a XPCOM interface and interacts with the browser via XPCOM interfaces. Since the plugin itself is a native DLL, how would the security model work? Would it rely on the fact that the user trusts the plugin not to do nasty stuff, like with OCX controls?
I can't see any other way it could be secured... Is there?
Just to clarify a few definitions, as far as I know, in Mozilla-land:
- a plugin is something that is used to render content via the NSAPI (think Flash, PDF, ...) and is normally not using XPCOM
- an extension is a package that extends Mozilla/Firefox via XUL and/or XPCOM, which can contain components and/or XUL GUI stuff.
- a component is a provider of XPCOM services and can be written in Javascript or as a native shared library/DLL
So I guess, what you want to do is an extension consisting of a component.
As an answer to your question: You are right, as soon as the user installs an extension, he is agreeing to trust that one. Even if it consists of Javascript code, it has automatically more access than web site Javascript.
XPCOM does not seem to be intended for plugins, but rather applications, so security is not modelled.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论