Search completed in 0.88 seconds.
Using the Permissions API - Web APIs
this article provides a basic guide to using the w3c
permissions api, which provides a programmatic way to query the status of api
permissions attributed to the current context.
... let's face it,
permissions on the web are a necessary evil, and they are not much fun to deal with as developers.
... historically, different apis handle their own
permissions inconsistently — for example the notifications api allows for explicit checking of permission status and requesting permission, whereas the geolocation api doesn't (which causes problems if the user denied the initial permission request, as we'll see below).
...And 19 more matches
Permissions API - Web APIs
the
permissions api provides a consistent programmatic way to query the status of api
permissions attributed to the current context.
... for example, the
permissions api can be used to determine if permission to access a particular api has been granted or denied.
... concepts and usage historically different apis handle their own
permissions inconsistently — for example the notifications api allows for explicit checking of permission status and requesting permission, whereas the geolocation api doesn't (which causes problems if the user denied the initial permission request).
...And 10 more matches
Permissions.query() - Web APIs
the
permissions.query() method of the
permissions interface returns the state of a user permission on the global scope.
... syntax navigator.
permissions.query(permissiondescriptor).then(function(
permissionstatus) { ...
...the available options are: name: the name of the api whose
permissions you want to query.
...And 7 more matches
Permissions - Web APIs
the
permissions interface of the
permissions api provides the core permission api functionality, such as methods for querying and revoking
permissions methods
permissions.query() returns the user permission status for a given api.
...
permissions.request() requests permission to use a given api.
...
permissions.requestall() requests permission to use a given set of apis.
...And 6 more matches
Permissions.revoke() - Web APIs
the
permissions.revoke() method of the
permissions interface reverts a currently set permission back to its default state, which is usually prompt.
... syntax this method is called on the global
permissions object navigator.
permissions.
... var revokepromise = navigator.
permissions.revoke(descriptor); parameters descriptor an object based on the permissiondescriptor dictionary that sets options for the operation consisting of a comma-separated list of name-value pairs.
...And 5 more matches
PermissionStatus - Web APIs
the
permissionstatus interface of the
permissions api provides the state of an object and an event handler for monitoring changes to said state.
... properties
permissionstatus.state read only returns the state of a requested permission; one of 'granted', 'denied', or 'prompt'.
...
permissionstatus.statusread only returns the state of a requested permission; one of 'granted', 'denied', or 'prompt'.
...And 3 more matches
XRPermissionStatus - Web APIs
the xr
permissionstatus interface defines the object returned by calling navigator.
permissions.query() for the xr permission name; it indicates whether or not the app or site has permission to use webxr, an may be monitored over time for changes to that
permissions tate.
... properties in addition to the properties listed below, xr
permissionstatus includes the properties defined by its parent interface,
permissionstatus.
... granted an array of strings listing the names of the features for which permission has been granted as of the time at which navigator.
permissions.query() was called.
...And 3 more matches
WorkerNavigator.permissions - Web APIs
the workernavigator.
permissions read-only property returns a
permissions object that can be used to query and update permission status of apis covered by the
permissions api.
... syntax
permissionsobj = self.
permissions value a
permissions object.
... examples self.navigator.
permissions.query({name:'notifications'}).then(function(result) { if (result.state === 'granted') { shownotification(); } else if (result.state === 'prompt') { requestnotificationpermission() } }); specification specification status comment
permissions working draft initial definition.
...And 2 more matches
Navigator.permissions - Web APIs
the navigator.
permissions read-only property returns a
permissions object that can be used to query and update permission status of apis covered by the
permissions api.
... syntax
permissionsobj = globalobj.navigator.
permissions value a
permissions object.
... examples navigator.
permissions.query({name:'geolocation'}).then(function(result) { if (result.state === 'granted') { showmap(); } else if (result.state === 'prompt') { showbuttontoenablemap(); } // don't do anything if the permission was denied.
... }); specification specification status comment
permissions working draft initial definition.
PermissionStatus.onchange - Web APIs
the onchange event handler of the
permissionstatus interface is called whenever the
permissionstatus.state property changes.
... syntax
permissionstatus.onchange = function() { ...
... }
permissionstatus.addeventlistener('change', function() { ...
... }) example navigator.
permissions.query({name:'geolocation'}).then(function(
permissionstatus) { console.log('geolocation permission state is ',
permissionstatus.state);
permissionstatus.onchange = function() { console.log('geolocation permission state has changed to ', this.state); }; }); specification specification status comment
permissionsthe definition of 'onchange' in that specification.
PushManager.permissionState() - Web APIs
the
permissionstate() method of the pushmanager interface returns a promise that resolves to a domstring indicating the permission state of the push manager.
... note: as of firefox 44, the
permissions for notifications and push have been merged.
... syntax pushmanager.
permissionstate(options).then(function(pushmessagingstate) { ...
... specifications specification status comment push apithe definition of '
permissionstate()' in that specification.
Privacy, permissions, and information security
servers to let them protect themselves from protocol downgrade and cookie hijack attacks by letting sites tell clients that they can only use https to communicate with the server http/2 while http/2 technically does not have to use encryption, most browser developers are only supporting it when used with https, so it can be thought of in that regard as being security-related
permissions api provides a way to determine the status of
permissions for the current browser context transport layer security (tls); formerly known as secure sockets layer (ssl) tls provides security and privacy by encrypting data during transport over the network.
... this is the technology behind the https (hypertext transport protocol secured) protocol not all of these are generally directly used within code; notably, the
permissions api, feature policy, and the allow attribute on <iframe> elements are primary tools directly used by code to help secure a site and its content.
... keeping personal data safe managing site
permissions bringing it all together <using feature policy with
permissions and so forth; how to use them together, how they interact, etc> permission requests in <iframe> elements things can get tricky when your web app uses the <iframe> element to embed content from another site inside your own, especially if the document you load into the frame has its own permission needs to consider.
... <--- allow attribute, feature policy, and
permissions api stuff ---> a specific user experience issue that often arises is a document that's loaded with permission to access a resource and the document contains an <iframe> with the allow attribute to delegate that permission to the contents of the frame.
XRPermissionStatus.granted - Web APIs
the webxr device api's xr
permissionstatus interface's granted property is an array of strings, each identifying one of the webxr features for which permission has been granted as of the time at which the permission api's navigator.
permissions.query() method was called.
... syntax grantedfeatures = xr
permissionstatus.granted; value an array of domstring objects, each identifying a single webxr feature which the app or site has been granted permission to use.
... xrreferencespace usage notes examples specifications specification status comment webxr device apithe definition of 'xr
permissionstatus.granted' in that specification.
PermissionStatus.state - Web APIs
the state read-only property of the
permissionstatus interface returns the state of a requested permission.
... syntax var permission =
permissionstatus.state; example navigator.
permissions.query({name:'geolocation'}).then(function(
permissionstatus) { console.log('geolocation permission state is ',
permissionstatus.state);
permissionstatus.onchange = function() { console.log('geolocation permission status has changed to ', this.state); }; }); specification specification status comment
permissionsthe definition of 'state' in that specification.
nsIFile
void create(in unsigned long type, in unsigned long
permissions); void createunique(in unsigned long type, in unsigned long
permissions); boolean equals(in nsifile infile); boolean exists(); acstring getrelativedescriptor(in nsifile fromfile); void initwithfile(in nsifile afile); void initwithnativepath(in acstring filepath); void initwithpath(in astring filepath); boolean isdirectory(); ...
... example, this could return "/home/user/foo.txt" or "c:\images\my.jpeg"
permissions unsigned long the value of this attribute is a unix-style file permission mask for this nsifile.
... changing the
permissions of a nsifile operates on the underlying filesystem.
...And 14 more matches
Index - Web APIs
access to the contents of the clipboard is gated behind the
permissions api; without user permission, reading or altering the clipboard contents is not permitted.
...feature whose name appears on the list might not be allowed by the feature policy of the current execution context and/or might not be accessible because of user's
permissions.
...this event occurs when the track will no longer provide data to the stream for any reason, including the end of the media input being reached, the user revoking needed
permissions, the source device being removed, or the remote peer ending a connection.
...And 13 more matches
Getting File Information - Archive of obsolete content
file
permissions several methods may be used to check for file
permissions.
...however, you can also use the
permissions (nsifile.attributes) attribute to get the unix-style permission flags for a file.
... this attribute is also necessary if you need to modify the
permissions.
...And 4 more matches
Sensor APIs - Web APIs
the only time anything is shown to the user is when
permissions need to be requested and when the sensor type isn't supported by the device.
... console.log('sensor construction was blocked by a feature policy.'); } else if (error.name === 'referenceerror') { console.log('sensor is not supported by the user agent.'); } else { throw error; } }
permissions and feature policy sensor readings may not be taken unless the user grants permission to a specific sensor type.
... do this using the
permissions api.
...And 3 more matches
XRPermissionDescriptor - Web APIs
user
permissions in the webxr device api are managed using the
permissions api.
... the xrpermissiondescriptor's name must be set to xr in order to direct the
permissions api to correctly handle the request as applying to webxr.
... mode an xrsessionmode value indicating the xr mode (inline, immersive-vr, or immersive-ar) for which the
permissions are requested.
...And 3 more matches
AbsoluteOrientationSensor - Web APIs
to use this sensor, the user must grant permission to the 'accelerometer', 'gyroscope', and 'magnetometer' device sensors through the
permissions api.
... model.quaternion.fromarray(sensor.quaternion).inverse(); }); sensor.addeventlistener('error', error => { if (event.error.name == 'notreadableerror') { console.log("sensor is not available."); } }); sensor.start();
permissions example using orientation sensors requires requesting
permissions for multiple device sensors.
... because the
permissions uses promises, a good way to request
permissions is to use promise.all.
...And 2 more matches
Clipboard.read() - Web APIs
note: the asynchronous clipboard and
permissions apis are still in the process of being integrated into most browsers, so they often deviate from the official rules for
permissions and the like.
... example after using navigator.
permissions.query() to find out if we have (or if the user will be prompted to allow) "clipboard-read" access, this example fetches the data currently on the clipboard.
... // first, ask the
permissions api if we have some kind of access to // the "clipboard-read" feature.
...And 2 more matches
RelativeOrientationSensor - Web APIs
to use this sensor, the user must grant permission to the 'accelerometer', and 'gyroscope' device sensors through the
permissions api.
... model.quaternion.fromarray(sensor.quaternion).inverse(); }); sensor.addeventlistener('error', error => { if (event.error.name == 'notreadableerror') { console.log("sensor is not available."); } }); sensor.start();
permissions example using orientation sensors requires requsting
permissions for multiple device sensors.
... becuase the
permissions uses promises, a good way to request
permissions is to use promise.all.
...And 2 more matches
XRPermissionDescriptor.requiredFeatures - Web APIs
the xrpermissiondescriptor dictionary's requiredfeatures property should be set prior to calling navigator.
permissions.query() to a list of webxr features which must be supported for the app to work.
... this ensures that
permissions are checked as applicable to ensure that those features are available upon request.
...the
permissions check will be performed in such a manner as to verify that all features in the list are available for use with the user's permission.
...And 2 more matches
OS.File for the main thread
ng path, [optional] in object options); promise<void> removeemptydir(in string path, [optional] in object options); promise<void> removedir(in string path, [optional] in object options); promise<void> setcurrentdirectory(in string path); promise<void> setdates(in string path, in date|number accessdate, in date|number modificationdate); promise<void> set
permissions(in string path, in object options ); promise<file.info> stat(in string path, [optional] in object options); promise<void> unixsymlink(in string targetpath, in string createpath); promise<void> writeatomic(in string path, in arrayview data, in object options); methods os.file.open() use method os.file.open() to open a file.
... ignore
permissions if true, this function will remove the directory even when lacking write
permissions.
... os.file.set
permissions() sets the file's access permission bits.
... promise<void> set
permissions( in string path, in object options ) arguments path the complete path to the file.
Index
454 nsicookiepermission cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference the nsicookiepermission interface is used to test for cookie
permissions 455 nsicookiepromptservice cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference the nsicookiepromptservice interface is to open a dialog to ask to permission to accept the cookie.
... 649
permissions xpcom, xpcom api reference no summary!
... 650
permissionsoflink no summary!
... 825 nsipermissionmanager interfaces, interfaces:scriptable, xpcom, xpcom interface reference the nsipermissionmanager interface is used to persistently store
permissions for different object types (cookies, images, and so on) on a site-by-site basis.
nsIScriptableIO
nsisupports newinputstream(in nsivariant abase, in astring amode, [optional] in astring acharset, [optional] in astring areplacechar, [optional] in unsigned long abuffersize); nsisupports newoutputstream(in nsivariant abase, in astring amode, [optional] in astring acharset, [optional] in astring areplacechar, [optional] in unsigned long abuffersize, [optional] in unsigned long a
permissions); nsiuri newuri(in nsivariant auri); methods getfile() retrieves a reference to a file or directory on disk.
... nsisupports newoutputstream( in nsivariant abase, in astring amode, [optional] in astring acharset, [optional] in astring areplacechar, [optional] in unsigned long abuffersize, [optional] in unsigned long a
permissions ); parameters abase the base object to which to write.
... a
permissions the
permissions to use on a newly created file, if applicable.
... typically you will use an actual octal
permissions value for this parameter.
nsISecurityCheckedComponent
method overview string cancallmethod(in nsiidptr iid, in wstring methodname); string cancreatewrapper(in nsiidptr iid); string cangetproperty(in nsiidptr iid, in wstring propertyname); string cansetproperty(in nsiidptr iid, in wstring propertyname); methods cancallmethod() returns a capability string indicating what
permissions are required to call the specified method on the given interface.
...cancreatewrapper() returns a string indicating what
permissions are required to create a wrapper for the given interface.
...cangetproperty() returns the
permissions required to get the specified property on the given interface.
...cansetproperty() returns the
permissions required to set the specified property on the given interface.
Using the Notifications API - Web APIs
https), and you can no longer allow notification
permissions to be requested from cross-origin <iframe>s.
...if you want to support older versions, you might have to use the older callback version, which looks like this: notification.requestpermission(); the callback version optionally accepts a callback function that is called once the user has responded to the request to display
permissions.
... example in our todo list demo, we include an "enable notifications" button that, when pressed, requests notification
permissions for the app.
... <button id="enable">enable notifications</button> clicking this calls the asknotificationpermission() function: function asknotificationpermission() { // function to actually ask the
permissions function handlepermission(permission) { // whatever the user answers, we make sure chrome stores the information if(!('permission' in notification)) { notification.permission = permission; } // set the button to shown or hidden, depending on what the user answers if(notification.permission === 'denied' || notification.permission === 'default') { notificationbtn.style.display = 'block'; } else { notificationbtn.style.display = 'none'; } } // let's check if the browser supports notifications if (!('notification' in window)) { console.log("this br...
OrientationSensor - Web APIs
model.quaternion.fromarray(sensor.quaternion).inverse(); }); sensor.addeventlistener('error', error => { if (event.error.name == 'notreadableerror') { console.log("sensor is not available."); } }); sensor.start();
permissions example using orientation sensors requires requsting
permissions for multiple device sensors.
... becuase the
permissions uses promises, a good way to request
permissions is to use promise.all.
... const sensor = new absoluteorientationsensor(); promise.all([navigator.
permissions.query({ name: "accelerometer" }), navigator.
permissions.query({ name: "magnetometer" }), navigator.
permissions.query({ name: "gyroscope" })]) .then(results => { if (results.every(result => result.state === "granted")) { sensor.start(); ...
... } else { console.log("no
permissions to use absoluteorientationsensor."); } }); specifications specification status comment orientation sensorthe definition of 'orientationsensor' in that specification.
Cross-domain Content Scripts - Archive of obsolete content
in particular, they can't: access content hosted in an iframe, if that content is served from a different domain make cross-domain xmlhttprequests however, you can enable these features for specific domains by adding them to your add-on's package.json under the "cross-domain-content" key, which itself lives under the "
permissions" key: "
permissions": { "cross-domain-content": ["http://example.org/", "http://example.com/"] } the domains listed must include the scheme and fully qualified domain name, and these must exactly match the domains serving the content - so in the example above, the content script will not be allowed to access content served from https://example.com/.
... the "page-script.js" file locates "today's featured article" and sends its content to "main.js": // page-script.js var iframe = window.document.getelementbyid("wikipedia"); var todaysfeaturedarticle = iframe.contentwindow.document.getelementbyid("mp-tfa"); self.postmessage(todaysfeaturedarticle.textcontent); for this to work, we need to add the "cross-domain-content" key to "package.json": "
permissions": { "cross-domain-content": ["http://en.m.wikipedia.org/"] } the add-on should successfully retrieve the iframe's content.
...jsonresponse = json.parse(request.responsetext); var summary = getsummary(jsonresponse); var element = document.getelementbyid("forecast_summary"); element.textcontent = summary; }; request.send(); }); function getsummary(forecast) { return forecast.regionalfcst.fcstperiods.period[0].paragraph[0].$; } finally, we need to add the "cross-domain-content" key to "package.json": "
permissions": { "cross-domain-content": ["http://datapoint.metoffice.gov.uk"] } content
permissions and unsafewindow if you use "cross-domain-content", then javascript values in content scripts will not be available from pages.
widget - Archive of obsolete content
allow object an optional object describing
permissions for the content.
... allow a object describing
permissions for the content.
... allow a object describing
permissions for the content.
Index
} win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "example unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} file
permissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} file
permissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } } } script grammar the script is basic java, allowing lists, key-value pairs, strings, and combin...
... file
permissions sets
permissions on any referenced files in a string of octal digits, according to the standard unix format.
... user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these
permissions.
NSS tools : modutil
epath { %temp%/setup.hlp } } win32/setup.cab { relativepath { %temp%/setup.cab } } } } win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "example unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} file
permissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} file
permissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } } } script grammar the script is basic java, allowing lists, key-value pairs, strings, and combinations of all of them.
... file
permissions sets
permissions on any referenced files in a string of octal digits, according to the standard unix format.
... user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these
permissions.
NSS Tools modutil
.cab } } } } win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "fortezza unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} file
permissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} file
permissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } }} script grammar the script file grammar is as follows: --> valuelistvaluelist --> value valuelist <null>value...
... file
permissions interpreted as a string of octal digits, according to the standard unix format.
... this string is a bitwise or of the following constants: user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these
permissions.
NSS tools : modutil
} win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "example unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} file
permissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} file
permissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } } } script grammar the script is basic java, allowing lists, key-value pairs, strings, and combin...
... file
permissions sets
permissions on any referenced files in a string of octal digits, according to the standard unix format.
... user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these
permissions.
nsICookiePermission
the nsicookiepermission interface is used to test for cookie
permissions netwerk/cookie/nsicookiepermission.idlscriptable please add a summary to this article.
...setaccess() sets cookie access
permissions for the given uri.
...aaccess the new cookie access
permissions for the uri.
nsIPermissionManager
the nsipermissionmanager interface is used to persistently store
permissions for different object types (cookies, images, and so on) on a site-by-site basis.
... in string type); pruint32 testexactpermissionfromprincipal(in nsiprincipal principal, in string type); pruint32 testpermission(in nsiuri uri, in string type); pruint32 testpermissionfromprincipal(in nsiprincipal principal, in string type); attributes attribute type description enumerator nsisimpleenumerator enumerates all stored
permissions.
... removepermission() remove a given permission from the stored
permissions.
Clipboard - Web APIs
calls to the methods of the clipboard object will not succeed if the user hasn't granted the needed
permissions using the
permissions api and the "clipboard-read" or "clipboard-write" permission as appropriate.
... for example, firefox does not yet support the "clipboard-read" and "clipboard-write"
permissions, so access to the methods that access and change the contents of the clipboard are restricted in other ways.
... for webextensions, you can request the clipboardread and clipboardwrite
permissions to be able to use clipboard.readtext() and clipboard.writetext().
MediaDevices.getUserMedia() - Web APIs
on browsers that support managing media
permissions with feature policy, this error is returned if feature policy is not configured to allow access to the input source(s).
... the two
permissions that apply to getusermedia() are camera and microphone.
...these kinds of urls loaded from javascript code inherit the script's
permissions.
PushManager - Web APIs
pushmanager.
permissionstate() returns a promise that resolves to the permission state of the current pushmanager, which will be one of 'granted', 'denied', or 'prompt'.
... deprecated methods pushmanager.haspermission() returns a promise that resolves to the push
permissionstatus of the requesting webapp, which will be one of granted, denied, or default.
... replaced by pushmanager.
permissionstate().
Web APIs
fullscreen apiggamepad api geolocation apihhtml drag and drop apihigh resolution timehistory apiiimage capture apiindexeddbintersection observer apillong tasks api mmedia capabilities api media capture and streamsmedia session apimedia source extensions mediastream recordingnnavigation timingnetwork information api ppage visibility apipayment request apiperformance apiperformance timeline api
permissions apipointer eventspointer lock apiproximity events push api rresize observer apiresource timing apisserver sent eventsservice workers apistoragestorage access apistreams ttouch eventsuurl apivvibration apivisual viewport wweb animationsweb audio apiweb authentication apiweb crypto apiweb notificationsweb storage apiweb workers apiwebglwebrtcwebvttwebxr device apiwebsockets api interfaces th...
... paymentresponse paymentvalidationerrors pbkdf2params performance performanceentry performanceeventtiming performanceframetiming performancelongtasktiming performancemark performancemeasure performancenavigation performancenavigationtiming performanceobserver performanceobserverentrylist performancepainttiming performanceresourcetiming performanceservertiming performancetiming periodicwave
permissionstatus
permissions photocapabilities plugin pluginarray point pointerevent popstateevent positionoptions processinginstruction progressevent promiserejectionevent publickeycredential publickeycredentialcreationoptions publickeycredentialrequestoptions pushevent pushmanager pushmessagedata pushregistrationmanager pushsubscription r rtcansweroptions rtccertificate rtcconfiguratio...
...est xmlhttprequesteventtarget xmlhttprequestresponsetype xmlserializer xpathevaluator xpathexception xpathexpression xpathnsresolver xpathresult xrboundedreferencespace xrenvironmentblendmode xreye xrframe xrframerequestcallback xrhandedness xrinputsource xrinputsourcearray xrinputsourceevent xrinputsourceeventinit xrinputsourceschangeevent xrinputsourceschangeeventinit xrpermissiondescriptor xr
permissionstatus xrpose xrreferencespace xrreferencespaceevent xrreferencespaceeventinit xrreferencespacetype xrrenderstate xrrenderstateinit xrrigidtransform xrsession xrsessionevent xrsessioneventinit xrsessioninit xrsessionmode xrspace xrsystem xrtargetraymode xrview xrviewerpose xrviewport xrvisibilitystate xrwebgllayer xrwebgllayerinit xsltprocessor ...
Interacting with page scripts - Archive of obsolete content
to do this, add an option called “unsafe-content-script” under the “
permissions” key in package.json, and set it to true.
... "
permissions": { "unsafe-content-script": true } this is only a temporary migration aid, and will be removed eventually.
content/symbiont - Archive of obsolete content
allow object
permissions for the content, with the following keys: script boolean whether or not to execute script in the content.
... allow
permissions for the content, with a single boolean key called script which defaults to true and indicates whether or not to execute scripts in the content.
package.json - Archive of obsolete content
others, such as lib,
permissions, and preferences, represent instructions to the jpm tool itself to generate and include particular code and data structures in your add-on.
...
permissions an object describing the set of
permissions that the add-on needs.
Session store API - Archive of obsolete content
the tab's persistent xul attributes (those saved due to calls to persisttabattribute()) and
permissions are restored.
... if you want to set
permissions or otherwise manipulate a restored tab before the page is loaded into it, you should watch sstabrestoring.
Bypassing Security Restrictions and Signing Code - Archive of obsolete content
early versions of firefox allowed web sites to segregate principals using signed scripts, and request extra
permissions for scopes within signed scripts using a function called enableprivelege.
... sites that require additional
permissions should now ask firefox users to install an extension, which can interact with non-privileged pages if needed.
XUL Structure - Archive of obsolete content
both html and xul placed on a web site have no extra
permissions; however both html and xul loaded through a chrome url have enhanced
permissions.
...just copying a xul file into the chrome directory doesn't give the file any extra
permissions, nor can it be accessed via a chrome url.
application/http-index-format specification - Archive of obsolete content
file-type one of the following keywords to represent a special status for a file: file directory symbolic-link sym-file (a symbolic link to a file) sym-directory (a symbolic link to a directory)
permissions unix type file permission syntax.
... 3 slots either 'r', 'w', 'x', or '-' representing, in order, read, write, or execute
permissions.
Mozprofile - Archive of obsolete content
setting
permissions mozprofile also takes care of adding
permissions to the profile.
... see https://github.com/mozilla/mozbase/b...
permissions.py resources other mozilla programs offer additional and overlapping functionality for profiles.
Common Firefox theme issues and solutions - Archive of obsolete content
about:
permissions domain names don't line up in about:
permissions the domains on the domain list of about:
permissions do not line up properly due to missing placeholder icons for domains without favicons.
... this issue is fixed by adding the following css instructions to the file browser/preferences/about
permissions.css: .site-favicon { height: 16px; width: 16px; -moz-margin-end: 4px; list-style-image: url("chrome://mozapps/skin/places/defaultfavicon.png"); } web developer tools web developer toolbar {to be added} web console web console buttons do not change appearance on the web console (tools > web developer > web console), the toolbar buttons on the left-hand side do not change their appearance between their toggled on and toggled off status as a result it is not possible to determine which buttons are enabled.
From object to iframe — other embedding technologies - Learn web development
always use the sandbox attribute you want to give attackers as little power as you can to do bad things on your website, therefore you should give embedded content only the
permissions needed for doing its job.
... if absolutely required, you can add
permissions back one by one (inside the sandbox="" attribute value) — see the sandbox reference entry for all the available options.
Android-specific test suites
for example, to disable org.mozilla.gecko.
permissions.testsuccessrunnableisexecutedif
permissionsaregranted, add @ignore as follows: ...
... @runwith(testrunner.class) public class test
permissions { @ignore @test public void testsuccessrunnableisexecutedif
permissionsaregranted() { ...
What to do and what not to do in Bugzilla
if you need faster access to get canconfirm or editbugs, especially in order to triage bugs or to participate in a bug day, then you can ask in #bmo on irc, or you may create a bug requesting
permissions.
...the same is true for editbugs: leave comments with the information you'd like to be able to edit into the bug, and that will help you get the editbugs
permissions quickly.
FileUtils.jsm
ly parameter to pr_open mode_wronly 0x02 corresponds to the pr_wronly parameter to pr_open mode_create 0x08 corresponds to the pr_create_file parameter to pr_open mode_append 0x10 corresponds to the pr_append parameter to pr_open mode_truncate 0x20 corresponds to the pr_truncate parameter to pr_open perms_file 0644 default
permissions when creating files.
... perms_directory 0755 default
permissions when creating directories methods getfile() gets a file at the specified hierarchy under a nsidirectoryservice key.
Named Shared Memory
referenced directories should have
permissions appropriate for writing.
...set
permissions and or access controls at create and attach time to ensure you get the desired security.
Secure Development Guidelines
s foo { private: char *ptr; public: foo() {} ~foo() { if (ptr) free(ptr); } }; constructor/destructor issues: prevention initialize the data members of an object in the constructor writing secure code: miscellaneous file i/o a lot can go wrong because a lot can be done with file input and output filenames
permissions file handles and descriptors file i/o: filename divided in directories, subdirectories, and the file itself ‘/’ is separator; in windows ‘\’ would work too int openfile(char *file) { handle fh; if (strstr(file, “\”)) return -1; fh = createfilea(file, ...); writefile(fh, data, sizeofdata, null, null); } could be a normal file, direct...
...ory, device, or link directory traversal (../../../../) file i/o: file
permissions should be set correctly be sure not to make world-writable files sensitive files shouldn’t be world readable file i/o: file descriptors and handles could be a race if instances of fh are shared between threads fh inheritence: default in unix, needs to be set in windows int main(int argc, char **argv, char **envp) { int fd = open("/etc/shadow", o_rdwr); setreuid(getuid(), getuid()); excve("/bin/sh", argv, envp); } suid root applications file i/o: file descriptors and handles potential overflows when using select fd_set struct, static length, holds a bitmask of fds manipulated with fd_set, fd_isset, fd_clr and fd_zero macros fd_set’s size depends on the operating system if ...
nsILocalFile
mode a unix-style file
permissions value.
...this parameter may be ignored on systems that do not support file
permissions.
WebIDL bindings
checking for
permissions or preferences with js-implemented webidl, the init method should only return undefined.
... for
permissions or other kinds of checking, add an extended attribute func="mypermissionchecker" where mypermissionchecker is a function implemented in c++ that returns true if the interface should be enabled.
MediaDeviceInfo.label - Web APIs
only available during active mediastream use, or when persistent
permissions have been granted.
...for security reasons, the label is always an empty string ("") if the user has not obtained permission to use at least one media device, either by starting a stream from the microphone or camera, or by persistent
permissions being granted.
Navigator - Web APIs
navigator.
permissions read only returns a
permissions object that can be used to query and update permission status of apis covered by the
permissions api.
... navigatorstorage.storage read only returns the singleton storagemanager object used for managing persistence
permissions and estimating available storage on a site-by-site/app-by-app basis.
Notification.requestPermission() - Web APIs
function notifyme() { // let's check if the browser supports notifications if (!("notification" in window)) { alert("this browser does not support desktop notification"); } // let's check whether notification
permissions have already been granted else if (notification.permission === "granted") { // if it's okay let's create a notification var notification = new notification("hi there!"); } // otherwise, we need to ask the user for permission else if (notification.permission !== "denied") { notification.requestpermission().then(function (permission) { // if the user accepts, let's create...
...} we no longer show a live sample on this page, as chrome and firefox no longer allow notification
permissions to be requested from cross-origin <iframe>s, with other browsers to follow.
Notification - Web APIs
function notifyme() { // let's check if the browser supports notifications if (!("notification" in window)) { alert("this browser does not support desktop notification"); } // let's check whether notification
permissions have already been granted else if (notification.permission === "granted") { // if it's okay let's create a notification var notification = new notification("hi there!"); } // otherwise, we need to ask the user for permission else if (notification.permission !== "denied") { notification.requestpermission().then(function (permission) { // if the user accepts, let's create...
...} we no longer show a live sample on this page, as chrome and firefox no longer allow notification
permissions to be requested from cross-origin <iframe>s, with other browsers to follow.
PushManager.hasPermission() - Web APIs
the pushmanager.haspermission() method of the pushmanager interface returns a promise that resolves to the push
permissionstatus of the requesting webapp, which will be one of granted, denied, or default.
... syntax ​pushmanager.haspermission().then(function(push
permissionstatus) { ...
WorkerNavigator - Web APIs
workernavigator.
permissions read only returns a
permissions object that can be used to query and update permission status of apis covered by the
permissions api.
... navigator.storageread only returns a storagemanager interface for managing persistance
permissions and estimating available storage.
XRPermissionDescriptor.mode - Web APIs
the mode property of the xrpermissiondescriptor dictionary is a string taken from the xrsessionmode enumerated type, specifying which web xr session mode (inline, immersive-vr, or immersive-ar) the described
permissions will be used for.
... let xrpermissiondesc = { name: "xr", mode: "immersive-vr" }; if (navigator.
permissions) { navigator.
permissions.query(xrpermissiondesc).then(({state}) => { switch(state) { case "granted": setupxr(); break; case "prompt": promptandsetupxr(); break; default: /* do nothing otherwise */ break; } .catch(err) { console.log(err); } } else { setupxr(); } specifications specification status ...
Feature Policy - HTTP
the feature-policy header has now been renamed to
permissions-policy in the spec, and this article will eventually be updated to reflect that change.
...where available, the feature integrates with the
permissions api, or feature-specific mechanisms to check if the feature is available.
Feature-Policy - HTTP
the header has now been renamed to
permissions-policy in the spec, and this article will eventually be updated to reflect that change.
... specifications specification
permissions policy ...
Navigator.mozNotification - Archive of obsolete content
permissions when using notifications in an open web app, be sure to add the desktop-notification permission in your manifest file: "
permissions": { "desktop-notification": {} } usage notes in firefox 22+, the instantiation of a new notification should be done with the notification object by calling new notification(title, options).
Content Scripts - Archive of obsolete content
however, you can enable these features for specific domains by adding them to your add-on's package.json under the "cross-domain-content" key, which itself lives under the "
permissions" key.
private-browsing - Archive of obsolete content
opting into private browsing add-ons built using the sdk must opt into private browsing by setting the following key in their package.json file: "
permissions": {"private-browsing": true} if an add-on has not opted in, then the high-level sdk modules will not expose private windows, or objects (such as tabs) that are associated with private windows: the windows module will not list any private browser windows, generate any events for private browser windows, or let the add-on open any private browser windows the tabs module will not list a...
Local Storage - Archive of obsolete content
let localdir = directoryservice.get("profd", ci.nsifile); localdir.append("xulschool"); if (!localdir.exists() || !localdir.isdirectory()) { // read and write
permissions to owner and group, read-only for others.
Extensions support in SeaMonkey 2 - Archive of obsolete content
are listed below: url in firefox url in seamonkey overlays chrome://browser/content/browser.xul chrome://navigator/content/navigator.xul main browser window chrome://browser/content/pageinfo/pageinfo.xul chrome://navigator/content/pageinfo/pageinfo.xul page info window chrome://browser/content/preferences/
permissions.xul chrome://communicator/content/permis...onsmanager.xul
permissions manager dialog urls added in 2.1 url in firefox url in seamonkey chrome://browser/content/bookmarks/bookmarkspanel.xul chrome://communicator/content/bookmarks/bm-panel.xul chrome://browser/content/places/places.xul chrome://communicator/...
Index - Archive of obsolete content
3416 bypassing security restrictions and signing code security, web development early versions of firefox allowed web sites to segregate principals using signed scripts, and request extra
permissions for scopes within signed scripts using a function called enableprivelege.
Index of archived content - Archive of obsolete content
homeprovider.jsm homestorage nativewindow contextmenus doorhanger menu toast notifications.jsm pageactions.jsm prompt.jsm runtime
permissions.jsm snackbars.jsm sound.jsm tab addons developer guide code snippets creating a user interface firefox hub walkthrough initialization and cleanup prerequisites walkthrough webextensions for firefox for android ...
Java in Firefox Extensions - Archive of obsolete content
s leading to this jar and all other jars in your extension within an array of java.net.url's, pass to java.net.urlclassloader to get a class loader, and finally pass the classloader and array to a function which gives the necessary privileges: // this function will be called to give the necessary privileges to your jar files // however, the policy never comes into play, because // (1) adding
permissions doesn't add to the policy itself, and // (2) addurl alone does not set the grant codebase function policyadd (loader, urls) { try { //if have trouble with the policy try changing it to //edu.mit.simile.javafirefoxextensionutils.urlsetpolicy var str = 'edu.mit.simile.javafirefoxextensionutils.urlsetpolicy'; var policyclass = java.lang.class.forname( ...
IO - Archive of obsolete content
retrieve a file object for information about getting a file object, see accessing files get information about a file available information about a file include the
permissions, size, and last modified date of a file.
iframe - Archive of obsolete content
warning: when used in chrome-privileged documents (either html or xul) such as firefox addons, the contents of the frame may have the same
permissions as firefox itself.
CSRF - MDN Web Docs Glossary: Definitions of Web-related terms
this can be done, for example, by including malicious parameters in a url behind a link that purports to go somewhere else: <img src="https://www.example.com/index.php?action=delete&id=123"> for users who have modification
permissions on https://www.example.com, the <img> element executes action on https://www.example.com without their noticing, even if the element is not at https://www.example.com.
Third-party APIs - Learn web development
third party apis have a slightly different
permissions system — they tend to use developer keys to allow developers access to the api functionality, which is more to protect the api vendor than the user.
Website security - Learn web development
sql injection sql injection vulnerabilities enable malicious users to execute arbitrary sql code on a database, allowing data to be accessed, modified, or deleted irrespective of the user's
permissions.
Server-side website programming - Learn web development
learning pathway getting started with server-side programming is usually easier than client-side development, because dynamic websites tend to perform a lot of very similar operations (retrieving data from a database and displaying it in a page, validating user-entered data and saving it in a database, checking user
permissions and logging users in, etc.), and are constructed using web frameworks that make these and other common web server operations easy.
Testopia
testopia allows users to login to one tool and uses bugzilla group
permissions to limit access to modifying test objects.
Eclipse CDT Manual Setup
download just-print-mozilla-build.py and change its
permissions to make it executable ('chmod a+x just-print-mozilla-build.py').
Reviewer Checklist
android
permissions should be 'grouped' into a common release to avoid breaking auto-updates.
Error codes returned by Mozilla APIs
ns_error_file_access_denied (0x80520015) an operation was not performed on a file because the file cannot be accessed, typically because the
permissions set for the file do not allow the operation.
Blocked: Custom cookie permission
the permission can be changed or removed by: going to preferences > content blocking > cookies and site data clicking on the manage
permissions button and updating the listed exceptions ...
HTMLIFrameElement.clearMatch()
note: use of the browser api requires a privileged app, and browser and/or embed-apps
permissions, depending on what you want to do.
HTMLIFrameElement.executeScript()
note: use of the browser api requires a privileged app, and browser and/or embed-apps
permissions, depending on what you want to do.
HTMLIFrameElement.findAll()
note: use of the browser api requires a privileged app, and browser and/or embed-apps
permissions, depending on what you want to do.
HTMLIFrameElement.findNext()
note: use of the browser api requires a privileged app, and browser and/or embed-apps
permissions, depending on what you want to do.
Addon
permissions read only integer a bitfield holding all the the operations that can be performed on this add-on.
AddonManager
permissions constant description perm_can_uninstall this add-on can be uninstalled.
JNI.jsm
with this module, all of the android sdk functions that firefox has
permissions for are at your fingertips.
Webapps.jsm
ps.jsm"); // exported symbol is domapplicationregistry method overview init: function() loadcurrentregistry: function() notifyappsregistrystart: function notifyappsregistrystart() notifyappsregistryready: function notifyappsregistryready() sanitizeredirects: function sanitizeredirects(asource) _savewidgetsfullpath: function(amanifest, adestapp) appkind: function(aapp, amanifest) update
permissionsforapp: function(aid, aispreinstalled) updateofflinecacheforapp: function(aid) installpreinstalledapp: function installpreinstalledapp(aid) removeifhttpsduplicate: function(aid) installsystemapps: function() loadandupdateapps: function() updatedatastore: function(aid, aorigin, amanifesturl, amanifest) _registersystemmessagesforentrypoint: function(amanifest, aapp, aentrypoint) _registerint...
NSS 3.19.2.3 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the
permissions of the user.
NSS 3.21.1 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the
permissions of the user.
NSS 3.22.2 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the
permissions of the user.
NSS 3.23 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the
permissions of the user.
Rhino shell
note if the shell is invoked with the system property rhino.use_java_policy_security set to true and with a security manager installed, the shell restricts scripts
permissions based on their urls according to java policy settings.
Starting WebLock
that interface includes members representing the file name, file attributes,
permissions, existence, and others.
nsIPropertyBag
e:"mozilla" appname:"netscape" appversion:"5.0 (windows)" battery:batterymanager buildid:"20140529161749" cookieenabled:true donottrack:"yes" geolocation:geolocation language:"en-us" mimetypes:mimetypearray mozalarms:null mozapps:xpcwrappednative_nohelper mozcameras:cameramanager mozconnection:mozconnection mozcontacts:contactmanager mozid:null mozkeyboard:xpcwrappednative_nohelper mozpay:null moz
permissionsettings:null mozphonenumberservice:phonenumberservice mozpower:mozpowermanager moztcpsocket:null online:true oscpu:"windows nt 5.1" platform:"win32" plugins:pluginarray product:"gecko" productsub:"20100101" useragent:"mozilla/5.0 (windows nt 5.1; rv:30.0) gecko/20100101 firefox/30.0" vendor:"" vendorsub:"" __proto__:navigatorprototype from here we can easily see the operating system version.
nsIToolkitProfileService
this may throw an ns_error_failure (0x80004005) when trying to get the current profile if it's unavailable or if
permissions restrict access.
nsIWinAppHelper
returns true only if all the following conditions are all true at once: the operating system is at least windows vista user account control is enabled the user is an administrator the application is not already running with elevated
permissions otherwise it returns false.
nsIZipReader
ointer', entrypointer); /* console output * "entrypointer" "bootstrap.js" scratchpad/1:18 */ console.info('entry', entry); /* console output * "entry" xpcwrappednative_nohelper { queryinterface: queryinterface(), compression: getter, size: getter, realsize: getter, crc32: getter, isdirectory: getter, lastmodifiedtime: getter, issynthetic: getter,
permissions: getter, compression: 8 } scratchpad/1:19 */ if (!entry.isdirectory) { var inputstream = zr.getinputstream(entrypointer); reusablestreaminstance.init(inputstream); var filecontents = reusablestreaminstance.read(entry.realsize); console.log('contenst of file=', filecontents); } else { console.log('is directory, no...
Virtualenv
you may need to use sudo to obtain appropriate
permissions for the system.
about:debugging - Firefox Developer Tools
this does what it says: reloads any persistent scripts, such as background scripts parses the manifest.json file again, so changes to
permissions, content_scripts, browser_action or any other keys take effect installed extensions the permanently installed extensions are listed in the next section, extensions.
Accelerometer - Web APIs
to use this sensor, the user must grant permission to the 'accelerometer', device sensor through the
permissions api.
AmbientLightSensor - Web APIs
to use this sensor, the user must grant permission to the 'ambient-light-sensor' device sensor through the
permissions api.
Clipboard.write() - Web APIs
the "clipboard-write" permission of the
permissions api, is granted automatically to pages when they are in the active tab.
ClipboardItem - Web APIs
access to the contents of the clipboard is gated behind the
permissions api: the clipboard-write permission is granted automatically to pages when they are in the active tab.
Clipboard API - Web APIs
access to the contents of the clipboard is gated behind the
permissions api: the clipboard-write permission is granted automatically to pages when they are in the active tab.
FeaturePolicy.features() - Web APIs
feature whose name appears on the list might not be allowed by the feature policy of the current execution context and/or might not be accessible because of user's
permissions.
FeaturePolicy - Web APIs
feature whose name appears on the list might not be allowed by the feature policy of the current execution context and/or might not be accessible because of user's
permissions.
FileSystemEntry.remove() - Web APIs
fileerror.security_err the entry couldn't be removed due to
permissions or other access constraints, or because there are too many calls being made on file resources.
Gyroscope - Web APIs
to use this sensor, the user must grant permission to the 'gyroscope' device sensor through the
permissions api.
Audio() - Web APIs
the event-based approach is best: myaudioelement.addeventlistener("canplaythrough", event => { /* the audio is now playable; play it if
permissions allow */ myaudioelement.play(); }); memory usage and management if all references to an audio element created using the audio() constructor are deleted, the element itself won't be removed from memory by the javascript runtime's garbage collection mechanism if playback is currently underway.
Using IndexedDB - Web APIs
<iframe> content) cannot access indexeddb if the browser is set to never accept third party cookies (see bug 1147821.) warning about browser shutdown when the browser shuts down (because the user chose the quit or exit option), the disk containing the database is removed unexpectedly, or
permissions are lost to the database store, the following things happen: each transaction on every affected database (or all open databases, in the case of browser shutdown) is aborted with an aborterror.
Magnetometer - Web APIs
to use this sensor, the user must grant permission to the 'magnetometer' device sensor through the
permissions api.
MediaDeviceInfo - Web APIs
+ " id = " + device.deviceid); }); }) .catch(function(err) { console.log(err.name + ": " + err.message); }); this might produce: videoinput: id = cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: id = rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: id = r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= or if one or more media streams are active, or if persistent
permissions have been granted: videoinput: facetime hd camera (built-in) id=cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: default (built-in microphone) id=rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: built-in microphone id=r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= specifications specification status comment media capture and streamsthe definition of 'medi...
MediaDevices.enumerateDevices() - Web APIs
bel + " id = " + device.deviceid); }); }) .catch(function(err) { console.log(err.name + ": " + err.message); }); this might produce: videoinput: id = cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: id = rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: id = r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= or if one or more mediastreams are active or persistent
permissions are granted: videoinput: facetime hd camera (built-in) id=cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: default (built-in microphone) id=rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: built-in microphone id=r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= specifications specification status comment media capture and streamsthe definition of 'mediadevic...
MediaDevices - Web APIs
ndow.stream = stream; // make variable available to browser console video.srcobject = stream; }) .catch(function(error) { if (error.name === 'constraintnotsatisfiederror') { errormsg('the resolution ' + constraints.video.width.exact + 'x' + constraints.video.height.exact + ' px is not supported by your device.'); } else if (error.name === 'permissiondeniederror') { errormsg('
permissions have not been granted to use your camera and ' + 'microphone, you need to allow the page access to your devices in ' + 'order for the demo to work.'); } errormsg('getusermedia error: ' + error.name, error); }); function errormsg(msg, error) { errorelement.innerhtml += '<p>' + msg + '</p>'; if (typeof error !== 'undefined') { console.error(error); } } specifications ...
MediaStreamTrack.onended - Web APIs
this event occurs when the track will no longer provide data to the stream for any reason, including the end of the media input being reached, the user revoking needed
permissions, the source device being removed, or the remote peer ending a connection.
Navigator.clipboard - Web APIs
this permission must be obtained from the
permissions api using the "clipboard-read" and/or "clipboard-write"
permissions.
Notification.permission - Web APIs
function notifyme() { // let's check if the browser supports notifications if (!("notification" in window)) { console.log("this browser does not support desktop notification"); } // let's check whether notification
permissions have alredy been granted else if (notification.permission === "granted") { // if it's okay let's create a notification var notification = new notification("hi there!"); } // otherwise, we need to ask the user for permission else if (notification.permission !== 'denied' || notification.permission === "default") { notification.requestpermission(function (permission) { // ...
StorageManager - Web APIs
the storagemanager interface of the the storage api provides an interface for managing persistance
permissions and estimating available storage.
Storage API - Web APIs
note: see using the
permissions api for further details about obtaining and managing
permissions.
WebXR Device API - Web APIs
permissions and security for webxr the webxr device api has several areas of security to contend with, from establishing feature-policy to ensuring the user intends to use the mixed reality presentation before activating it.
XRPermissionDescriptor.optionalFeatures - Web APIs
xrreferencespace usage notes examples let xrpermissiondesc = { name: "xr", mode: "immersive-vr", optionalfeatures: [ "bounded-floor" ] }; if (navigator.
permissions) { navigator.
permissions.query(xrpermissiondesc).then(({state}) => { switch(state) { case "granted": setupxr(); break; case "prompt": promptandsetupxr(); break; default: /* do nothing otherwise */ break; } .catch(err) { console.log(err); } } else { setupxr(); } specifications specification status ...
Guide to Web APIs - Developer guides
fullscreen apiggamepad api geolocation apihhtml drag and drop apihigh resolution timehistory apiiimage capture apiindexeddbintersection observer apillong tasks api mmedia capabilities api media capture and streamsmedia session apimedia source extensions mediastream recordingnnavigation timingnetwork information api ppage visibility apipayment request apiperformance apiperformance timeline api
permissions apipointer eventspointer lock apiproximity events push api rresize observer apiresource timing apisserver sent eventsservice workers apistoragestorage access apistreams ttouch eventsuurl apivvibration apivisual viewport wweb animationsweb audio apiweb authentication apiweb crypto apiweb notificationsweb storage apiweb workers apiwebglwebrtcwebvttwebxr device apiwebsockets api ...
OPTIONS - HTTP
access-control-max-age the above
permissions may be cached for 86,400 seconds (1 day).
eval() - JavaScript
if you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the
permissions of your webpage / extension.
Autoplay guide for media and Web Audio APIs - Web media technologies
feature-policy: autoplay 'self'; fullscreen the same
permissions, grated using the <iframe> element's allow property, look like this: <iframe src="mediaplayer.html" allow="autoplay 'src'; fullscreen"> </iframe> example: allowing autoplay from specific sources the feature-policy header to allow media to be played from both the document's (or <iframe>'s) own domain and https://example.media looks like this: feature-policy: autoplay 'self' https://ex...
Web technology for developers
accessibilitycss houdinicss: cascading style sheetsdemos of open web technologiesdeveloper guidesexsltevent referencehtml: hypertext markup languagehttpjavascriptmathmlopensearch description formatprivacy,
permissions, and information securityprogressive web apps (pwas)svg: scalable vector graphicstutorialsweb apisweb componentsweb performanceweb app manifestsweb media technologiesweb securityweb technology referencexml: extensible markup languagexpathxslt: extensible stylesheet language transformations ...
Caching compiled WebAssembly modules - WebAssembly
if opening the database failed (for example due to
permissions or quota), we fall back to simply fetching and compiling the module and don't try to store the results (since there is no database to store them into).