Slashdot Mirror

← Back to Stories (view on slashdot.org)

Developing Firefox Extensions with GNU/Linux

Posted by Zonk on from the extend-the-browser-extend-the-fun dept.

QT writes "Ars Technica has a lengthy but useful introduction to developing Firefox extensions with GNU/Linux. This guide comes hot on the heels of the RC for Beta 1 of Firefox. The article is a little more thorough than necessary, but I can't complain about anything that spurs Firefox development." From the article: "What can you do with a Firefox Extension? Firefox extensions can modify the Firefox user interface. This includes adding buttons to tool bars and menus; changing fonts, colors, and icons; capturing events in the client interface like page loads and clicks; and modifying web pages after the browser loads them and before the user sees them. All of this functionality comes with the aspect-oriented facility of overlays. Extensions also have as much access to the file system as the user running Firefox. Extensions can add protocol handlers, hooking actions to URLs like icq://, aim://, or stantz://. Extensions have UniversalXPConnect privileges, allowing them to harness any XPCOM component. Firefox comes with a rich library of XPCOM components that permit your extension to drive very low-level functionality like sockets from Javascript. You can also augment the XPCOM library with Firefox extensions by adding Javascript, linkable libraries, or XPIDL."

12 of 146 comments (clear)

  1. Re:Request for Firebird developers by qbwiz · · Score: 1, Informative

    It's called Thunderbird, not Firebird.

    --
    Ewige Blumenkraft.
  2. Re:Where's my bittorrent:// ? by brsmith4 · · Score: 5, Informative

    http://firepuddle.mozdev.org/ might help sometime soon...

  3. Re:Where's my bittorrent:// ? by MSch · · Score: 2, Informative

    Opera 8.10 has integrated bittorrent support.

  4. anti-ActiveX by Noksagt · · Score: 1, Informative
    Hmmm, sounds a lot like ActiveX.
    ActiveX can't be exploited by other browsers & also limits the architecture and OS choice. The history of security problems with ActiveX has a much richer history. I don't know how much their model has really improved. Firefox extensions are in a combination of XML and JavaScript, so their functionality is a bit more limited. They are better sandboxed than IE ActiveX controls used to be. Firefox extension websites must be whitelisted before an install. I think IE has also moved to this model, but there were big problems when thing would be installed by default.
  5. Re:HORRIBLE idea..(and my inability to close tags) by radish · · Score: 2, Informative

    Speaking as someone currently undergoing such a "borrowing" - it sucks.

    Please for the love of god people, don't bounce messages back saying "My spam filter has blocked your message". I didn't send it, I don't care. Leave me alone!!!!!

    --

    ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

  6. Re:In other words... by Unordained · · Score: 3, Informative

    It seems like it'd be nice if apps like Firefox were routinely (!) run as a user with fewer privs than the actual user sitting at the terminal. I know it needs -some- disk access for cache, etc. and some access to the user's files (when uploading or downloading specific files) but on the whole it'd be nice to have some sort of mechanism in place to keep apps from accessing things when they shouldn't. The view that an app should only have access to the current user's files is okay, but not ideal -- users still don't want their own setup trashed by some tricky extension, even if the rest of the host computer is fine. In a multi-user environment, that's not so easy ... creating a new user, for every app/user combination, that provides exactly the access required by the app and no more. Lots of maintenance.

    I'm not sure that users would be very accepting of an environment in which they were asked each time an app requested a new file handle -- "would you like to allow Firefox to access /home/unordained/file1.txt in read-only mode?" ... "would you like to allow p2p-app-1 to open a socket to ip xxx.xxx.xxx.xxx?" ... "would you like to allow some-app-2 to change the following registry keys?" ... but that is, (without the annoyance) what I'd like. Our computing environments are just far too unsafe for the average user.

    Suggestions? Existing (partial) solutions? (This is your opportunity to go on at length about your preferred, overly-safe-for-you operating system, and for others to trash it on grounds of any remaining work-arounds.)

  7. Re:In other words... by Anonymous Coward · · Score: 1, Informative

    Extensions can never be installed without you knowing it. For a website to install an extension, you have to manually add that website to a whitelist, and then you have to stare at the installation dialog for three seconds and then click install.
    The only site on the whitelist by default is addons.mozilla.org, where each extension is thoroughly checked that it works ok.

    If someone is dumb enough to get a malicious extension installed with these security measures, he deserves to have his machine compromised.

  8. More Resources by stoolpigeon · · Score: 4, Informative

    These are a few sites that I found helpful. Some are a little old but I got something out of all of them.

    http://www.xulplanet.com/
    http://kb.mozillazine.org/Dev_:_Extensions
    http://roachfiend.com/archives/2004/12/08/how-to-c reate-firefox-extensions/
    http://businesslogs.com/technology/firefox_extensi on_tutorial.php
    http://www.bengoodger.com/software/mb/extensions/p ackaging/extensions.html
    http://mozilla-firefox-extension-dev.blogspot.com/
    http://books.mozdev.org/index.html
    http://www.mozilla.org/xpfe/gettingstarted.html

    Of course another good way to learn about extensions is to download a few and look at the code. That has probably been the biggest help to me once the tutorials, etc. gave me the basic idea of what is going on.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
  9. Re:this reminds me... by NutscrapeSucks · · Score: 3, Informative

    Or not so important, because Windows users generally run with administration privledges, and that's where the virus problem lies.

    --
    Whenever I hear the word 'Innovation', I reach for my pistol.
  10. Re:this reminds me... by Bogtha · · Score: 2, Informative

    With ActiveX the code is loaded when I visit the page, for the average user there is no choice if the code will run; since the default settings typically aren't changed.

    What you say simply isn't true. I just booted up XP to check. The default settings are to prompt the user for signed controls and to ignore unsigned controls altogether.

    --
    Bogtha Bogtha Bogtha
  11. Re:In other words... by cortana · · Score: 2, Informative

    You are describing SELinux. :)

  12. Common misconceptions about XPCOM and ActiveX by SimHacker · · Score: 4, Informative
    Noksagt, you are wrong, and spreading some common misconceptions, which you should stop repeating.

    XPCOM extensions for Firefox are compiled binary machine language files, which have just as much access to your system as ActiveX controls do. Firefox XPCOM extensions are no more secure than ActiveX controls. Binary ActiveX and XPCOM controls are useful for situations where you need to do things that JavaScript doesn't support, like shaping the window of a pie menu (an open source ActiveX component, that you can download the source code if you like).

    Internet Explorer has something similar to the way you can write Firefox extensions in JavaScript and UIL. But that's a totally different thing than binary ActiveX controls and behaviors, and it severly restricts what you can do.

    You can script trustable ActiveX controls for Internet Explorer called "Dynamic HTML Behavior Components", using JavaScript (or any other ActiveX compatible scripting languages), XML and DHTML.

    For example, user interface components like JavaScript Pie Menus for Internet Explorer or the Run On Sentence dynamic text animation style run with the same restrictions as JavaScript in the browser, so they can't access files or shape popup windows. (Also open source).

    -Don

    --
    Take a look and feel free: http://www.PieMenu.com