UniversalXPConnect permission error in firefox 17 - javascript

I have a small web JS, that copy and inserts some form data to and from the iframe.
But it doesn't work in Firefox 17. I'm using this code:
"netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");"
What could be wrong? Is there any workaround?

It was removed from running on the web with Firefox 17
https://developer.mozilla.org/en-US/docs/Bypassing_Security_Restrictions_and_Signing_Code
Early versions of Firefox allowed web sites to segregate principals
using signed scripts, and request extra permissions for scopes within
signed scripts using a function called enablePrivelege. These feature
was not used much (aside from abuse), and its complexity made
performance improvements difficult. Signed script segregation was
removed in bug 726125, the enablePrivilege prompt was removed in bug
750859, and enablePrivilege itself was nerfed in bug 757046.
EnablePrivilege is disabled in Firefox 15 and will be removed in
Firefox 17.
Sites that require additional permissions should now ask Firefox users
to install an extension, which can interact with non-privileged pages
if needed.
And a discussion on making an extension: http://support.mozilla.org/en-US/questions/936845

Related

Why do I have a message about "mxpnl.net" always in my Google Chrome console?

VM2335:34152 POST https://cr-input.mxpnl.net/data?_channel_id=&_partner_id=39571&_sub_id=0000&_app_version=1.0.23&_app=cs-dca net::ERR_INTERNET_DISCONNECTED
From what I can find, it appears to be a behaviour and analytic tracking script most likely related to mixpanel.com. I've recently run into the same thing, and followed it back to the content.js file inside the Tampermonkey chrome extension. I'm sure there are other chrome extensions that do the same thing, but uninstalling this chrome extension made the https://cr-input.mxpnl.net request stop.
I've also heard others have solved this problem by uninstalling Hide my adBlocker, but I can't confirm this myself.
This could mean you have a malicious Chrome extension installed. I googled "cr-input mxpnl" and came across this Google Forums post. If your internet is disconnected, the extension is probably failing to connect to the website where it wants to send your data.
To be clear, this is a guess. It may be a totally legit extension. However it would definitely be worth checking what extensions are installed, removing any that you don't recognise and doing a virus scan.
Since you are using some Adblocker extension that's the reason for getting
ERR_INTERNET_DISCONNECTED from the console. In the preferences of your Adblocker, you have blocked the access to Site Analytics Tracker
Turning off or Disabling the Web Statistic Tracker options from the preferences of the installed extension came from the Tampermonkey chrome extension. That alone stops accessing analytic tracking script most likely related to mixpanel.com.
There are other options from the preferences from the extension that might not be needed
Cheap Flights Advisor
PromoBar
Aliradar
So try to disable these options and always try to block all unencrypted requests by using HTTPS Everywhere extensions so that your information might not be stolen to any third party agents.

Testing CORS compatibility for IE8 using developer tools

I've set up a central WebApi site that will provide general CRUD capability for various sites across our domain. I've configured the whole shebang to utilize CORS with the standard jquery ajax httprequest or, in the case of older IE versions, XDomainRequest. So far, everything checks out, it works splendidly. My problem is that I can't seem to find a machine with IE8 in order to complete user agent testing. The site works wonderfully when I go into the developer tools on IE 11 and set it to emulate IE8 but I'm not ready to pop the champagne cork just yet.
My question is: will the developer tools' IE8 mode fully emulate that browser's behavior, down to the way it handles cross domain requests or do I need to either find a user with IE8 and have them test it or spin up a VM with it?
You can download a virtual machine with IE8 from Microsoft's modern.ie site at http://dev.modern.ie/tools/vms/ and test your site with that.

Corrupted UI when trying to display reporting service report in an iframe

I need to display report services reports using an iframe which is opened from a web application that supports IE9, IE10, IE11 (the application cannot run with computability view).
When using the iframe, the UI of the displayed report is corrupted, as you can see in the attached screenshot. Seems that it happens when using iframes in general, not only from our application.
We cannot change the reporting services html on the customers machine, so this suggested solution can't assist us: Unexpected scrollbar in Reporting Services
Any ideas?
Following up# #jtbon2's answer - if this iframe is running on your company's intranet and you are inside of the same network with your development machine, your Internet Explorer might have the default option for compatibility mode enabled for local sites.
It will essentially downgrade your browser to a lower version of IE to enforce a a standard IE user base.

Unable to allow IE10 to run scripts

My IE10 has stopped execution of JavaScript for pages stored locally, infact it does not asks for permission to allow their execution.
I have Windows 8 x64 with IE 10 installed. A few days back whenever I used to open a file which used JavaScript IE10 used to display a message "IE restricted this webpage from running scripts or activex controls" with a button to allow blocked content.
Now, this dialog doesn't appear at all and I'm unable to test JavaScript programs in my local machine using IE. (On websites like gmail etc JS simply works).
I have tried changing security setting inside internet options to lowest but no use.
P.S.: On repeatedly clicking reload on realized that permission to allow blocked context dialog appears for fraction of a second and disappears.
I solved the issue by installing a cumulative security update for IE10 Windows 8 x64 from
this link
Don't know why this is related with the issue, but my friend suggested me try to update IE, and on googling I found this update.
I posted it here because when I searched internet for the solution, I was not able to find any case of this type.

How to sign script or webpage requiring UniversalXPConnect privilege

I have a website which uses some functionality implemented in the Firefox extension, which I developed. JavaScript script on one of my webpages requires UniversalXPConnect privilege for communicating with XPCOM component implemented in my Firefox extension.
By default, when my script tries to enable this privilege for accessing XPCOM component:
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
... the following error occurs:
Error: A script from "http://example.com" was denied UniversalXPConnect privileges.
To enable this privilege currently users need to manually edit "signed.applets.codebase_principal_support" setting in "about:config" Firefox page.
From this page: http://www.mozilla.org/projects/security/components/signed-scripts.html I learned that it is possible to explicitly sign my webpage containing script which requires this privilege. After I sign my script users will not need to manually edit above mentioned setting.
Website is hosted on Linux platform under Drupal CMS.
I would very much appreciate if you could give me detailed step-by-step instructions on how do I sign my script (what tools should I download, how to create certificate, etc.), such that after following your instructions editing about:config setting will not be necessary.
As of Firefox 16 signing the script will not likely work since support for universalXPconnect seems to have been removed and you should now use an add-on for added privileges although I don't know how. https://bugzilla.mozilla.org/show_bug.cgi?id=546848
EnablePrivilege is disabled in Firefox 15 and will be removed in Firefox 17.
check out this:
https://developer.mozilla.org/en-US/docs/Bypassing_Security_Restrictions_and_Signing_Code

Categories