Saturday, February 13, 2010

To hell with browser security, let me cram the Mentos in the bottle

The web browser is much more standards-based than any desktop application any of us normally uses, which makes it a compelling platform for developing personal web apps -- certainly much more compelling than something like Eclipse, say (which is theoretically an "anything platform"). But there are still quite a few things browsers don't do well -- and/or don't do in standardized fashion, or do in a just plain irritating fashion. One is data persistence. Another is file I/O. Another is cross-domain AJAX. If you try to do certain types of supposedly "insecure" things in a browser app, you're pretty much hosed at the outset.

I'd like to be able to open an XML file on disk, read Twitter user IDs from it, and then make AJAX calls to Twitter to either follow or unfollow those user IDs. I actually do this now using Greasemonkey scripts -- but the scripts complain about the "file://" URL scheme of the XML, unless you set a particular config value (greasemonkey.fileIsGreaseable) to true in the about:config screen of Firefox, as I wrote previously here.

But what I'd really like to be able to do is run the same Greasemonkey script in Chrome instead of Firefox. But Chrome doesn't have a greasemonkey.fileIsGreaseable security setting that I can override. Basically I can't trigger a script to fire off of opening a file. I have to serve myself the file over HTTP. Which means I have to install and run an instance of Apache (or another web server) just to serve myself these XML files so they'll trigger the script properly. Which is a lot of nonsense.

Sometimes I wish Chrome and Firefox and all the rest had a master security setting -- call it userAgreesToHoldTheEntireUniverseHarmlessWhileHeKillsHimself -- that would, with the flip of a bit, let me disable all the ridiculous child-proof bottle caps of the browser world. I want to pull the mattress tags off, ignore the Surgeon General warnings, and run wild-eyed down the hallway with scissors in both hands. Let me test the "no user-serviceable parts" hypothesis. Let me decide if my browser should do "file://" I/O in an AJAX call, let me decide if a script will fire when I manually Open a file, yes let me decide if one of my own scripts should be able to slurp the cache using about:cache or persist a bit of user data in an insecure way. Folks, I want to drive over the speed limit. I want to have unsafe-file-I/O sex. (Cover your ears. I am going to shout now.) Hear me O Browser Thought Police, whoever you are, wherever you are, and let me knowingly flip the sanity bit. I'm tired of being treated like a retarded child. Stand the fuck back and let me cram the Mentos in the goddam bottle already.


  1. You're not the one being treated like a retarded child, it's the rest of the internet. When you connect that browser to http, you're dipping part of your computer into raw sewage. I see your point, of course: being able to turn off the safety switches can make some things easier.

    But both Firefox and Chromium are open source. You *can* flip the switch yourself, if you really want it. You just won't have anyone to complain to when your custom browser gets exploited.

  2. Anonymous11:15 PM

    Having a switch that can be easily flipped in the UI or with a configuration setting means that it is even easier to trick people who don't know better into flipping it.

  3. Though we manufacture different products but among all office furniture chairs are the most demanded. We not only deal with local clients but also with national and international clients. The products that we manufacture are supplied to various offices, hospitals, auditoriums, cafeteria, homes and schools.
    Chair Manufacturers in Mumbai
    Chair Supplier in Mumbai
    Office Chair Supplier in Mumbai
    Visitor Chair Supplier in Mumbai
    Chair Dealers in Mumbai

  4. You can forget your stress and anxiety with the help of best movers and packers in Hyderabad who take on the responsibility of shifting your household goods. They will perform all the laborious tasks of packing, loading, moving, unloading and even unpacking your items with much ease. And, they will also help you arrange all your things in the new house as required by you.
    Movers and Packers in Gachibowli
    Movers and Packers in Kukatpally
    Movers and Packers in Chanda Nagar
    Movers and Packers in Manikonda

  5. Availing the services of the best movers packers Hyderabad prove to be beneficial in terms of expenses as well as ease of moving. They bring the packing material and equipment necessary to move your items safely.
    Packers and Movers in Madhapur
    Packers and Movers in Gachibowli
    Packers and Movers in Chanda Nagar

  6. Packers and Movers in Mumbai achieve conceit in offering great packing and moving services at reasonable costs. We deal all types of packing and moving services in Mumbai and other main cities of India.
    Please Visit Our Website :
    Movers and Packers in Dadar
    Movers and Packers in Thane
    Movers and Packers in Panvel
    Packers and Movers in Kamothe


Add a comment. Registration required because trolls.