Saturday, October 3, 2009

firefox Configurable Security Policies

CAPS for all

Controle de Scripts needs more CAPS power

or we need something new from scratch

STOP being abused by JavaScript

What are Configurable Security Policies?

Mozilla's configurable security policies allow users to set up security policies for the browser, and also have different security policies for different Internet sites. The ideas for configurable security policies come from a number of sources. Bell Labs researchers Vinod Anupam and Alain Mayer have written papers and contributed code to Mozilla. The infamous bug 858 serves as a wish list for this sort of functionality. The code for this is called CAPS (capabilities). Finally, IE's zones employ some of this idea.
This document is aimed at programmers familiar with JavaScript.

Tuesday, September 29, 2009

the other greasemonkey

Aside from imacros, chickenfoot, and coscripter

there are now Mason and Executer

Executor lives in the sandbox

With this extension you can write javascript-based scripts for any site or single page. It means that you can add your elements of interface or hide already existed. Also you can add your stylesheet tables and apply it to any element.
But executor's capabilities not limited by interface only - it limited by your javascript knowledge.
All preferences, scripts and css stored in profile directory in executor.sqlite. If you need export it just copy this file.


Mason, however, seems to have greater potential

This extension has functions as below
1. Scriptable
It is similar to Grease Monkey.
As it is loaded before any file loading, it may be more powerful and cleverer.
Please visit support site to download more scripts.

2. Http Request Redirection and Block
3. Cache any file and save to specified file path
4. Modify cookie
5. Modify referrer(custom site or site root)
6. Make Firefox show pop up dialog box to specified files
7. Fake IE6
8. Support Force content-type and Refcontrol rules import

Based on the above function, the following rules are predefined
1. make firefox "know" torrent file correctly (active by default)
2. download tudou,youku,youtube video, myspace audio files to specified path(inactive by default)
3. show pics from 163,qq,yupoo,filckr and so on correctly even cross the domain(active by default)
4. be able to visit YS168 which is an IE-only site without IE-tab (active by default)