Hello,
I’m developing Group Speed Dial using web-extension API and I’m getting feature requests to support file:// protocol.
Some people want to access their locally stored .html pages from speed-dial addon.
However there is some security restriction that prevents opening any link pointing to “file:///”.
Is there a way to get over this restriction? Now or in the future - by requesting maybe a new security API for web-extension? If there is no solution yet, can somebody tell me what would be the best way to request this kind of feature?
AFAIK in Chrome, the user has to set an extra checkbox in the add-on manager, which will only appear if the extension has set host permissions including <all_urls> or file://…
There is a function in the .extension or .runtime namespace that should tell you whether you have file system access or not. If that returns false in Firefox, I guess that is your answer, at least for now.
will not open file “simple.html” from my desktop (if I copy the ‘href’ value into addressbar I can view the html file).
I understand the security issue here but I believe the add-ons deserves this functionality.
Unfortunately, it’s not planned for Firefox 57, but may be available later. Even the article you linked to at https://wiki.mozilla.org/WebExtensions/Filesystem mentions at the very bottom “Firefox 57 / Not Planned / Access to file:// URLs or reading files without any explicit user input”
it’s unfortunate that this isn’t even possible on explicit user input or by requesting permissions.
I’m the author of the LocalLink addon which adds a context submenu to the page context menu so that users can open file:// links contained in web pages. (Some bad content systems do this so that users rely on it.) Note that this requries explicit interactions, I’m not circumventing same-origin policy for “ordinary link clicks”.
In the XUL version of my addon, I use window.loadURI(uri, null, null), openNewTabWith(uri, null, null, event) and openNewWindowWith(uri, null, null) to open those uris irrespective of checkloaduri.
I ported the context menu and such to webextensions now, but browser.tabs.update() and window.open() called from a background script are subject to the same-origin restrictions, no loading of file:// uris
requesting "file://*/" permissions in manifest.json does not help either. MDN docu suggests "content_security_policy": "script-src 'self'; object-src 'self'; navigation-to 'filesystem:'" but my Firefox 56 does not know navigation-to, and I don’t think Firefox 57 does.
Entering file:// uris in the address bar directly works, of course. Is there any way to (request a permission to be able to) to do this from a webextension? I.e., based upon user input, update a tab or create a new one that navigates to a given file:// uri?
I have been trying to load a PDF with the documentation provided , the pdf loads up fine but some of the layers they dont load up properly . I’ve tried templates from a few websites . e.g teardrop flags these are showing errors .