Note: An alternative skin, TW4MW (work in progress), is available from the user preferences.
A script from "file://" is requesting enhanced abilities
TiddlyWiki Community Wiki
Contents |
[edit] Problem
When I try to save [from FireFox], I get this message:
A script from "file://" is requesting enhanced abilities that are UNSAFE and could be used to compromise your machine or data
Allow or Deny
[edit] Explanation
For security reasons, web pages are normally not allowed to access the local hard drive.
However, TiddlyWiki requires this in order to save changes - which triggers this dialog to request enhanced privileges, explicitly turning it into a trusted source.
[edit] Solution
It is suggested to simply "Allow" the file:// access and also [x] "remember this decision", so that no further security warnings appear.
Fortunately, the browser treats "file://" as a separate domain from all other remote domains, so granting permissions to locally-stored documents won't create any security holes when accessing remote web sites.
To find the internal FireFox setting:
1) look for "prefs.js", a file that is automatically written by FireFox to store your current browser settings. Under Windows, this is generally located at:
-----
C:\Documents and Settings\Your Name\Application Data\Mozilla\Firefox\Profiles\abcdef12345.default\prefs.js
-----
2) Open that file with a plain text editor (make sure FireFox is NOT running at the time!), and find these two lines (or similar):
-----
user_pref("capability.principal.codebase.p0.granted", "UniversalXPConnect UniversalBrowserRead");
user_pref("capability.principal.codebase.p0.id", "file://");
-----
3) Delete those lines to restore FireFox's default "ask for permission" state for the "file://" domain
[edit] Firefox 3 Exemption
The above solution will not work with Firefox 3. And what's more, Firefox 3 asks for permission once per session. And working through Prism does no better. Who will solve this dastardly problem?
One solution involves specifying a specific TiddlyWiki document:
user_pref("capability.principal.codebase.p0.granted",
"UniversalXPConnect UniversalBrowserRead");
user_pref("capability.principal.codebase.p0.id", "file://I:/see/some/tiddlywiki.html");
However, this does not help those with a changing number of TiddlyWikis.
Another solution that can work in Firefox 3 is the FirefoxPrivilegesPlugin. This plugin for TiddlyWiki produces a Firefox Privileges wizard, which can help set permissions for a particular TiddlyWiki file.
-- edit: please look at Bug 435254 – 'remember this selection' not saved across FF sessions, the solution there worked for me: "setting security.fileuri.strict_origin_policy to "false" in about:config prevents the dialog from opening".. FirefoxPrivilegesPlugin is still great though, allowing to see what actual privileges are seen by Firefox..
-- edit: if using Prism these settings are stored in prism\defaults\preferences\preferences.js - since the fileuri setting will likely not be in here already, you will need to add it under the security settings section, the syntax is slightly different from the instructions provided for Firefox above, the line I added looked like:
pref("security.fileuri.strict_origin_policy", false);
This worked great for me, no more irritating confirmations I am using this with the latest Prism release 0.9.9 - in addition to appearing faster, the firefox find function is now enabled in this release of Prism and makes life much easier for long tiddlers
