Slashdot Mirror
Developing Firefox Extensions with GNU/Linux
QT writes "Ars Technica has a lengthy but useful introduction to
developing Firefox extensions with GNU/Linux. This guide comes hot on the heels of the RC for Beta 1 of Firefox.
The article is a little more thorough than necessary, but I can't complain about anything that spurs Firefox development." From the article: "What can you do with a Firefox Extension? Firefox extensions can modify the Firefox user interface. This includes adding buttons to tool bars and menus; changing fonts, colors, and icons; capturing events in the client interface like page loads and clicks; and modifying web pages after the browser loads them and before the user sees them. All of this functionality comes with the aspect-oriented facility of overlays. Extensions also have as much access to the file system as the user running Firefox. Extensions can add protocol handlers, hooking actions to URLs like icq://, aim://, or stantz://. Extensions have UniversalXPConnect privileges, allowing them to harness any XPCOM component. Firefox comes with a rich library of XPCOM components that permit your extension to drive very low-level functionality like sockets from Javascript. You can also augment the XPCOM library with Firefox extensions by adding Javascript, linkable libraries, or XPIDL."
since these things have full access to the local machine, remind me why we love extensions and hate activex?
"Hot the heals"?
WTF? Aren't the editors supposed to edit the stories?
got sig?
Where's my bittorrent:// protocol??!?!
I would love to simply do a bittorrent from firefox. I think that'd spur alot more users and make it easier to... um... *LEGAL* download torrents... (like knoppix, fedora, etc.)
Bring on the torrents!!!
A grammar mistake and a spelling mistake in the same phrase. Learn English, guys.
And that statment "RC for Beta 1 of Firefox" without the "v 1.5" modifier implies that Firefox is something new that is about to be released. Does no one even try to edit these things?
You do realize that these mistakes distract readers' attention from the actual article content, right?
X-piddle!?
For any Firebird developers (the e-mail co-product to Fixfox), one extension I would really like is the ability to click on one or a group of e-mail and send back to the sender (or whatever e-mail address the lying spammer has used for the reply address) a official looking "bounce" that the account does not exist. Wouldn't mind if it forwards the e-mail to abuse@ftc.gov in the same click, and reports it anywhere else that might be helpful too, but convincing the sender that the e-mail address is not really valid seems like the only effective way to reduce spam.
I'm an American. I love this country and the freedoms that we used to have.
Firefox extensions are are useful and powerful tools when used correctly, yet have the ability to easily become malicious and destructive if the user doesn't pay attention.
Hmmm, sounds a lot like ActiveX. While the main intent for the two is a little different (browser tweaking vs. client-side scripting & server interaction), both require users to make informed decisions. People going on about how Firefox is so much safer because it doesn't support ActiveX might need to consider dropping that argument. As Firefox's market share grows, so will the number of websites that advertise Firefox plugins, and unaware users will be just as susceptible to malware and viruses as they were with IE.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
The author says, "When should you use a Firefox Extension? Only when you must." He suggests that if you can do it on the web page using DHTML, AJAX, or even XUL, that is the way you should do it. Extension writing is to be used when there are no other options.
I realize that there are some differences, such as the fact that the red carpet is only rolled out for extensions the user trusts, but... when you advertise Firefox to dummies, your trusting users will BE dummies!
When one person suffers from a delusion, it is called insanity. When many people suffer from a delusion it is called Rel
Instead of bouncing spam, you just harrass & send spam to some poor guy who had his email address borrowed by some spam bot. Congratulations! You just became as bad as the spammers.
For any Firebird developers (the e-mail co-product to Fixfox),
Do you mean THUNDERBIRD the email companion to FIREFOX?
You didn't get the NAME of EITHER PRODUCT right. And they should listen to what you have to say for features? Blah. This isn't interesting, this is a troll. Fixfox? Give me a break.
Speaking as someone currently undergoing such a "borrowing" - it sucks.
Please for the love of god people, don't bounce messages back saying "My spam filter has blocked your message". I didn't send it, I don't care. Leave me alone!!!!!
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
slightly on-topic, ish..
I saw that "Firefox 1.5" story a couple days ago, so I tried it out.
Oh boy, if there's one thing Open-source products love to do, it's copy microsoft with all the skill of Mad TV or Saturday Night Live.
Look, this isnt a flame, it's off-topic, granted, but this shit has got to stop. Please, just _STOP_ copying microsoft.
"I wonder what, specifically, he does not like."
Every time you decide to completely change the way something looks or works, think to yourself "Wait, am I choosing this specific way because microsoft does it this way?
Then, shoot yourself in the face.
-- 'The' Lord and Master Bitman On High, Master Of All
What if I want to develop them with just plain Linux?
Or you could just become a responsible internet user and fix your computer so you aren't a spambot.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
The problem is he probably ISN'T a spambot. The FROM header is very easily spoofed. His machine need not be the sender for the message to claim it came from him.
You do realize that e-mail protocols allow for you to insert any random thing in the "From" line? These people don't have infected computers, they have someone borrowing their name. I could send e-mails from "gwbush@whitehouse.gov" using normal Thunderbird, right now, and it's even easier if you custom code your own spamming program.
Don't attack people for problems that aren't their fault.
-ShadowRanger
Please tell me you didn't write that flame-ish post because of the new options panel. Can't figure out any other "significant" change in the UI, though.
Switch back to Slashdot's D1 system.
How about the way Microsoft copied Firefox almost exactly with their popup blocker toolbar?
-1 Flamebait.
Discussing the security vulnerabilities is entirely appropriate, but bringing them up on every Firefox article when it is completely off-topic is flamebait.
I'm not a spambot you moron. Go read up on SMTP and some back when you know what you're talking about. The FROM and REPLY-TO headers are spoofed (trivially easy) and the spamees aren't checking my domain's SPF records. Nothing to do with me whatsoever, other than getting me flooded with bounce messages.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Has anyone seen galley copies of Pro Firefox: Extension and Application Development? Or does anyone have any other suggestions for dead-tree guides for developing firefox extensions? I know of books on XUL , but none targetted for basic extension programming.
These are a few sites that I found helpful. Some are a little old but I got something out of all of them.
c reate-firefox-extensions/
i on_tutorial.php
p ackaging/extensions.html
/
http://www.xulplanet.com/
http://kb.mozillazine.org/Dev_:_Extensions
http://roachfiend.com/archives/2004/12/08/how-to-
http://businesslogs.com/technology/firefox_extens
http://www.bengoodger.com/software/mb/extensions/
http://mozilla-firefox-extension-dev.blogspot.com
http://books.mozdev.org/index.html
http://www.mozilla.org/xpfe/gettingstarted.html
Of course another good way to learn about extensions is to download a few and look at the code. That has probably been the biggest help to me once the tutorials, etc. gave me the basic idea of what is going on.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Agreed, but this doesn't answer the question about why OSS has to do the same things...
the modern "Linux Desktop" aims to copy Windows is almost every way (obviously not entirely, but still..)
Everyone needs to realize that this is indeed needed functionality. What kind of browser would it be if you couldn't save a .zip file or anything else to your hard drive? Any program you've ever used has the ability to be harmful. Let me repeat that: Any program you've ever used has the ability to be harmful.
It's all the ability to trust what you're putting on your hard drive to begin with. I run Windows on one box and Linux on the other. I tend to run OSS software on my Windows box too. Why? Because I tend to trust it more! I can rest (mostly) assured of the peer review process in an OSS app, and that if some nasty mal/spyware is included, or if it crashes systems left and right, that the community will let me know that before it ever gets to my hard drive to begin with.
I would be even more assured, could I read/write C/C++; but for my needs this process works fine.
If you don't know the reputation of the source of a binary, you probably shouldn't be downloading it.
I obviously digress; but extensions for Firefox is not a problem. Malicious programs abound, be careful where you get your apps.
put the what in the where?
> Does no one even try to edit these things?
:)
:)
There's a common saying around here...what is it? Oh yes: "You must be new here!" Or was that a rhetorical question?
> You do realize that these mistakes distract readers' attention
And if you've ever had your site slashdotted, you're probably grateful for anything that distracts some percentage of the readers.
Actually it should be -1 Offtopic for being a spelling/wrong-wording post. The submitter presumably intended to say "hot on the heels", as "hot on the heals" is nonsense.
You are misinformed. That info bar was in SP2 betas for months before Firefox shamelessly ripped it off.
Whenever I hear the word 'Innovation', I reach for my pistol.
When should you use a Firefox extension?
Only when you're EXTENDING FIREFOX.
If your website requires an extension (or, for that matter, ActiveX) to work, you're simply coding it incorrectly.
Possible exceptions includes Windows Update, but even then, Microsoft coded that as part of the OS in XP, so the web portal really isn't necessary.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Yes, there is a double standard about downloading ActiveX controls and XPCOM controls. XPCOM controls are at least as unsafe as ActiveX controls. At least ActiveX supports code signing, which XPCOM doesn't.
Open source has to do with the rights you have to use the code, not just that you can read the source code. It's certainly possible to write a browser extension or anything else in JavaScript that's not open source -- you just say in the comments "Copyright (C) 2005 by . All rights reserved." You don't even need to say that -- it's it copyright by default, but not open source by default.
Even if your point about being able to read XPCOM extension source code was factually correct, only an infintesimally small percentage of people actually even bother to read the code they download before they run it. And even if you can read it, it might be quite obfuscated and contain thousands of lines of code -- in fact the authors themselves might not even know that the code has security holes.
Take a look at the JavaScript source code to google maps, for example. Oh you haven't already read over every line of that code looking for security holes? That's exactly what I mean.
Please don't make the Raymondesque argument that open source code doesn't have security holes because everyone can read it, unless you personally read all the code you download before you run it yourself. Including the configure scripts!
-Don
Take a look and feel free: http://www.PieMenu.com
Does anyone know how much power the extensions have?
I was thinking of making a program to turn gmail and yahoo mail into server / p2p type systems. What's good is once you've uploaded the files you can forward them at will with near nil bandwidth cost to other people.
Plus if you automate the process you can setup a script to automatically forward files if it receives an email request.
Would a Firefox extension be able to do this? What is the best language do you think to be able to accomplish this?
Thanks.
You don't even need to say that -- it's it copyright by default, but not open source by default.
.IQ or some other country you've never heard about? It really is a false sense of security.
Whether the license on the copyrighted JavaScript says it's "open source" or not, if you can access and read the JavaScript code, it's out there in the open for all eyeballs to look at and discuss. Whether I can find a security hole or not or whether the code is obfuscated to hell or not is not really germane, nor is whether the authors know or not if the code has security holes in it, because there is probably someone crazy enough to "deobfuscate it" (i.e., like crackers, etc., who are patient enough using tools like disassemblers, hex editors and SoftICE to break SecureROM for NOCD cracks) and make sense of it, especially if the code promises some interesting techniques to be had (like Google Maps).
Please don't make the Raymondesque argument that open source code doesn't have security holes because everyone can read it, unless you personally read all the code you download before you run it yourself
Again, I should go green salmon fishing with this can of red herring. It is far easier for SOMEONE (whether it is me, you or the geek who never leaves his grandmother's basement with the OC-3 connection to the house...) to look at the source and simulate whether there is any weaknesses in it. It's obviously easy enough to do already with complex executables and libraries without access to any form of source code.
If it's open sourced, getting any changes back into the stream are far easier than if they're discovered in closed source, especially if the vendor regards 3rd-party security discoveries with great disdain and mockery.
I think also that code signing has proven to not be as trustworthy as Microsoft has pimped it up in the past. I certainly do not regard it as "trustworthy". Accountability? Oh, please. What if the certificate was issued to some company in
Without noting it, the editors corrected the atrocious "hot the heals" travesty that blessed the submission originally. Just because you wet your pants over Firefox doesn't make this flamebait.
Welcome to the list.
list of spammers
XPCOM extensions for Firefox are compiled binary machine language files, which have just as much access to your system as ActiveX controls do. Firefox XPCOM extensions are no more secure than ActiveX controls. Binary ActiveX and XPCOM controls are useful for situations where you need to do things that JavaScript doesn't support, like shaping the window of a pie menu (an open source ActiveX component, that you can download the source code if you like).
Internet Explorer has something similar to the way you can write Firefox extensions in JavaScript and UIL. But that's a totally different thing than binary ActiveX controls and behaviors, and it severly restricts what you can do.
You can script trustable ActiveX controls for Internet Explorer called "Dynamic HTML Behavior Components", using JavaScript (or any other ActiveX compatible scripting languages), XML and DHTML.
For example, user interface components like JavaScript Pie Menus for Internet Explorer or the Run On Sentence dynamic text animation style run with the same restrictions as JavaScript in the browser, so they can't access files or shape popup windows. (Also open source).
-Don
Take a look and feel free: http://www.PieMenu.com
...so? With the info bar, Microsoft invented a UI widget. Everyone expects UI widgets to be immediately copied if useful. It's not like a software feature. Do you think the person who invented combo boxes is angry at Microsoft for using them?
is one for freenet:<uri> URLs.
A Firefox plugin for supponting such URLs would be a huge boost for freenet.
www.freenetproject.org
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
That's awesome.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
here you can find another tutorial, although it's a bit old now.
But I like how Python comes up yet again. It's nice, for once in my life, to learn a language and *then* see it catch on in a big way, instead of finishing learning a language on the very last day before it dies. I'm predicting that Python is going to soon be as ubiquitous as BASIC was back in the Stone Age.
Perhaps Firefox should have an option that explicitly disables extension access to the local file system?
Would it be possible to write an extension that takes a URL, runs it on IE on a different machine and returns the VNC-window in a tab of the FireFox i called it with ? (of course you can set a range of machines to try, and if they all fail it uses WOL)
Every once in a while, though quite rarely, i come by a crapsite that only works on IE, and usually i need to first look at the website to find out how to complain about it....