CodeShop

Calendar 2

June 15th, 2007

Ever got this one?

The calendar bit below gives you this: it access a piece of javascript on the Calendarhub server, but FireFox does not allow it – sadly (On IE7 the CH code is fine).

1
2
3
4

document.write("\n<script type='text/javascript'>");
...
document.write("try {netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');} catch (e) {alert('Permission UniversalBrowserRead denied.');}");
document.write("\n</script>");

Apparently, mozillaZine tells me I need to edit my own ‘user.js’ and there I need something like:

1
2
3
4
5

user_pref("capability.policy.XMLHttpRequestToAnySite.XMLHttpR equest.open",
"allAccess");
user_pref("capability.policy.XMLHttpRequestToAnySite.sites", "http://
localhost");
user_pref("capability.policy.policynames", "XMLHttpRequestToAnySite");

(This defines a policy with ‘allAccess’ to do xmlrpc requests – thanks Charlie)

Why? O Why O Why. And dont tell me this is security … With json and the script tag you can go cross-domain – advertisers do this all the time (how do you think banners show up :).

And Why all of a sudden? My former FireFox installation did just fine …

And secondly, I do hope the people at Calendarhub fix the localhost bit below:

1
2
3

document.write("<input id='calendarhub_user' name='user[login]' type='text' />");
document.write("<input id='calendarhub_password' name='user[password]' type='text' />");
document.write("<input type='button' onclick=\"ajax.update('http://localhost:3000/user/login?user[login]='+$('calendarhub_user').value+'&user[password]='+$('calendarhub_password').value, 'calendarhub_events')\" value='login' />");

I dont get it – why would I wanna do that? I think it’s a (w)oops from CH.

Posted by Dirk Filed in Blog

1 Response to “Calendar 2”

  1. Barry Welch Says:
    June 15th, 2007 at 12:56 PM Yeah Dirk, you caught me. A decent-sized oops on our part. Like I mentioned to you, it was some crufty code leftover from some code experiments that, thanks to me, made its way into production. Its fixed now... Thanks for reporting it. BTW, there are no plans in the works to inject ads into the badge. I don't think it makes sense to do so, as it would likely annoy a lot of people.

Sorry, comments are closed for this article.