Note: An alternative skin, TW4MW (work in progress), is available from the user preferences.
A script from "file://" is requesting enhanced abilities
TiddlyWiki Community Wiki
Contents |
[edit] Problem
When I try to save [from FireFox], I get this message:
A script from "file://" is requesting enhanced abilities that are UNSAFE and could be used to compromise your machine or data
Allow or Deny
[edit] Explanation
For security reasons, web pages are normally not allowed to access the local hard drive.
However, TiddlyWiki requires this in order to save changes - which triggers this dialog to request enhanced privileges, explicitly turning it into a trusted source.
[edit] Solutions
[edit] Allow file access
You could simply "Allow" the file:// access and also [x] "remember this decision", so that no further security warnings appear.
The browser treats "file://" as a separate domain from all other remote domains, so granting permissions to locally-stored documents won't create any security holes when accessing remote web sites. But, it will give the same permissions to every local HTML file you access in a browser.
To find the internal Firefox setting that "remember this decision" creates:
- Find the file "prefs.js", a Firefox file that store your browser settings. Under Windows XP, this is generally located at
C:\Documents and Settings\Your Name\Application Data\Mozilla\Firefox\Profiles\abcdef12345.default\prefs.js - Open that file with a plain text editor (make sure Firefox is NOT running at the time!), and find these two lines (or similar):
user_pref("capability.principal.codebase.p0.granted", "UniversalXPConnect UniversalBrowserRead");
user_pref("capability.principal.codebase.p0.id", "file://"); - Delete those lines to restore Firefox's default "ask for permission" state for the "file://" domain
[edit] Per-file exemption in Firefox 3
The above solution will not work with Firefox 3. And what's more, Firefox 3 asks for permission once per session. And working through Prism does no better. Who will solve this dastardly problem?
A better solution involves modifying prefs.js to give a specific TiddlyWiki document file access. For more details see How To/Firefox Per-File Permissions, as a quick summary you add the following lines to prefs.js:
user_pref("capability.principal.codebase.p0.granted", "UniversalXPConnect UniversalBrowserRead");
user_pref("capability.principal.codebase.p0.id", "file://C|/path/to/my/tiddlywiki.html");
However, this does not help those with a changing number of TiddlyWikis.
[edit] Firefox Privileges Plugin
Another solution that can work in Firefox 3 is the FirefoxPrivilegesPlugin. This plugin for TiddlyWiki produces a Firefox Privileges wizard, which can help set permissions for a particular TiddlyWiki file.
[edit] Changing strict_origin_policy
-- edit: please look at Bug 435254 – 'remember this selection' not saved across FF sessions, the solution there worked for me: "setting security.fileuri.strict_origin_policy to "false" in about:config prevents the dialog from opening".. FirefoxPrivilegesPlugin is still great though, allowing to see what actual privileges are seen by Firefox..
-- edit: if using Prism these settings are stored in prism\defaults\preferences\preferences.js - since the fileuri setting will likely not be in here already, you will need to add it under the security settings section, the syntax is slightly different from the instructions provided for Firefox above, the line I added looked like:
pref("security.fileuri.strict_origin_policy", false);
This worked great for me, no more irritating confirmations I am using this with the latest Prism release 0.9.9 - in addition to appearing faster, the firefox find function is now enabled in this release of Prism and makes life much easier for long tiddlers
