Search completed in 0.97 seconds.
174 results for "permissions":
Your results are loading. Please wait...
Using the Permissions API - Web APIs
this article provides a basic guide to using the w3c permissions api, which provides a programmatic way to query the status of api permissions attributed to the current context.
... let's face it, permissions on the web are a necessary evil, and they are not much fun to deal with as developers.
... historically, different apis handle their own permissions inconsistently — for example the notifications api allows for explicit checking of permission status and requesting permission, whereas the geolocation api doesn't (which causes problems if the user denied the initial permission request, as we'll see below).
...And 19 more matches
Permissions API - Web APIs
the permissions api provides a consistent programmatic way to query the status of api permissions attributed to the current context.
... for example, the permissions api can be used to determine if permission to access a particular api has been granted or denied.
... concepts and usage historically different apis handle their own permissions inconsistently — for example the notifications api allows for explicit checking of permission status and requesting permission, whereas the geolocation api doesn't (which causes problems if the user denied the initial permission request).
...And 10 more matches
Permissions.query() - Web APIs
WebAPIPermissionsquery
the permissions.query() method of the permissions interface returns the state of a user permission on the global scope.
... syntax navigator.permissions.query(permissiondescriptor).then(function(permissionstatus) { ...
...the available options are: name: the name of the api whose permissions you want to query.
...And 7 more matches
Permissions - Web APIs
the permissions interface of the permissions api provides the core permission api functionality, such as methods for querying and revoking permissions methods permissions.query() returns the user permission status for a given api.
... permissions.request() requests permission to use a given api.
... permissions.requestall() requests permission to use a given set of apis.
...And 6 more matches
Permissions.revoke() - Web APIs
the permissions.revoke() method of the permissions interface reverts a currently set permission back to its default state, which is usually prompt.
... syntax this method is called on the global permissions object navigator.permissions.
... var revokepromise = navigator.permissions.revoke(descriptor); parameters descriptor an object based on the permissiondescriptor dictionary that sets options for the operation consisting of a comma-separated list of name-value pairs.
...And 5 more matches
PermissionStatus - Web APIs
the permissionstatus interface of the permissions api provides the state of an object and an event handler for monitoring changes to said state.
... properties permissionstatus.state read only returns the state of a requested permission; one of 'granted', 'denied', or 'prompt'.
... permissionstatus.statusread only returns the state of a requested permission; one of 'granted', 'denied', or 'prompt'.
...And 3 more matches
XRPermissionStatus - Web APIs
the xrpermissionstatus interface defines the object returned by calling navigator.permissions.query() for the xr permission name; it indicates whether or not the app or site has permission to use webxr, an may be monitored over time for changes to that permissions tate.
... properties in addition to the properties listed below, xrpermissionstatus includes the properties defined by its parent interface, permissionstatus.
... granted an array of strings listing the names of the features for which permission has been granted as of the time at which navigator.permissions.query() was called.
...And 3 more matches
WorkerNavigator.permissions - Web APIs
the workernavigator.permissions read-only property returns a permissions object that can be used to query and update permission status of apis covered by the permissions api.
... syntax permissionsobj = self.permissions value a permissions object.
... examples self.navigator.permissions.query({name:'notifications'}).then(function(result) { if (result.state === 'granted') { shownotification(); } else if (result.state === 'prompt') { requestnotificationpermission() } }); specification specification status comment permissions working draft initial definition.
...And 2 more matches
Navigator.permissions - Web APIs
the navigator.permissions read-only property returns a permissions object that can be used to query and update permission status of apis covered by the permissions api.
... syntax permissionsobj = globalobj.navigator.permissions value a permissions object.
... examples navigator.permissions.query({name:'geolocation'}).then(function(result) { if (result.state === 'granted') { showmap(); } else if (result.state === 'prompt') { showbuttontoenablemap(); } // don't do anything if the permission was denied.
... }); specification specification status comment permissions working draft initial definition.
PermissionStatus.onchange - Web APIs
the onchange event handler of the permissionstatus interface is called whenever the permissionstatus.state property changes.
... syntax permissionstatus.onchange = function() { ...
... } permissionstatus.addeventlistener('change', function() { ...
... }) example navigator.permissions.query({name:'geolocation'}).then(function(permissionstatus) { console.log('geolocation permission state is ', permissionstatus.state); permissionstatus.onchange = function() { console.log('geolocation permission state has changed to ', this.state); }; }); specification specification status comment permissionsthe definition of 'onchange' in that specification.
PushManager.permissionState() - Web APIs
the permissionstate() method of the pushmanager interface returns a promise that resolves to a domstring indicating the permission state of the push manager.
... note: as of firefox 44, the permissions for notifications and push have been merged.
... syntax pushmanager.permissionstate(options).then(function(pushmessagingstate) { ...
... specifications specification status comment push apithe definition of 'permissionstate()' in that specification.
Privacy, permissions, and information security
servers to let them protect themselves from protocol downgrade and cookie hijack attacks by letting sites tell clients that they can only use https to communicate with the server http/2 while http/2 technically does not have to use encryption, most browser developers are only supporting it when used with https, so it can be thought of in that regard as being security-related permissions api provides a way to determine the status of permissions for the current browser context transport layer security (tls); formerly known as secure sockets layer (ssl) tls provides security and privacy by encrypting data during transport over the network.
... this is the technology behind the https (hypertext transport protocol secured) protocol not all of these are generally directly used within code; notably, the permissions api, feature policy, and the allow attribute on <iframe> elements are primary tools directly used by code to help secure a site and its content.
... keeping personal data safe managing site permissions bringing it all together <using feature policy with permissions and so forth; how to use them together, how they interact, etc> permission requests in <iframe> elements things can get tricky when your web app uses the <iframe> element to embed content from another site inside your own, especially if the document you load into the frame has its own permission needs to consider.
... <--- allow attribute, feature policy, and permissions api stuff ---> a specific user experience issue that often arises is a document that's loaded with permission to access a resource and the document contains an <iframe> with the allow attribute to delegate that permission to the contents of the frame.
XRPermissionStatus.granted - Web APIs
the webxr device api's xrpermissionstatus interface's granted property is an array of strings, each identifying one of the webxr features for which permission has been granted as of the time at which the permission api's navigator.permissions.query() method was called.
... syntax grantedfeatures = xrpermissionstatus.granted; value an array of domstring objects, each identifying a single webxr feature which the app or site has been granted permission to use.
... xrreferencespace usage notes examples specifications specification status comment webxr device apithe definition of 'xrpermissionstatus.granted' in that specification.
PermissionStatus.state - Web APIs
the state read-only property of the permissionstatus interface returns the state of a requested permission.
... syntax var permission = permissionstatus.state; example navigator.permissions.query({name:'geolocation'}).then(function(permissionstatus) { console.log('geolocation permission state is ', permissionstatus.state); permissionstatus.onchange = function() { console.log('geolocation permission status has changed to ', this.state); }; }); specification specification status comment permissionsthe definition of 'state' in that specification.
WebXR permissions and security - Web APIs
in this guide, we'll cover how to ensure your app has the permissions it needs to provide a secure and private xr experience.
nsIFile
void create(in unsigned long type, in unsigned long permissions); void createunique(in unsigned long type, in unsigned long permissions); boolean equals(in nsifile infile); boolean exists(); acstring getrelativedescriptor(in nsifile fromfile); void initwithfile(in nsifile afile); void initwithnativepath(in acstring filepath); void initwithpath(in astring filepath); boolean isdirectory(); ...
... example, this could return "/home/user/foo.txt" or "c:\images\my.jpeg" permissions unsigned long the value of this attribute is a unix-style file permission mask for this nsifile.
... changing the permissions of a nsifile operates on the underlying filesystem.
...And 14 more matches
Index - Web APIs
WebAPIIndex
access to the contents of the clipboard is gated behind the permissions api; without user permission, reading or altering the clipboard contents is not permitted.
...feature whose name appears on the list might not be allowed by the feature policy of the current execution context and/or might not be accessible because of user's permissions.
...this event occurs when the track will no longer provide data to the stream for any reason, including the end of the media input being reached, the user revoking needed permissions, the source device being removed, or the remote peer ending a connection.
...And 13 more matches
Getting File Information - Archive of obsolete content
file permissions several methods may be used to check for file permissions.
...however, you can also use the permissions (nsifile.attributes) attribute to get the unix-style permission flags for a file.
... this attribute is also necessary if you need to modify the permissions.
...And 4 more matches
Sensor APIs - Web APIs
the only time anything is shown to the user is when permissions need to be requested and when the sensor type isn't supported by the device.
... console.log('sensor construction was blocked by a feature policy.'); } else if (error.name === 'referenceerror') { console.log('sensor is not supported by the user agent.'); } else { throw error; } } permissions and feature policy sensor readings may not be taken unless the user grants permission to a specific sensor type.
... do this using the permissions api.
...And 3 more matches
XRPermissionDescriptor - Web APIs
user permissions in the webxr device api are managed using the permissions api.
... the xrpermissiondescriptor's name must be set to xr in order to direct the permissions api to correctly handle the request as applying to webxr.
... mode an xrsessionmode value indicating the xr mode (inline, immersive-vr, or immersive-ar) for which the permissions are requested.
...And 3 more matches
AbsoluteOrientationSensor - Web APIs
to use this sensor, the user must grant permission to the 'accelerometer', 'gyroscope', and 'magnetometer' device sensors through the permissions api.
... model.quaternion.fromarray(sensor.quaternion).inverse(); }); sensor.addeventlistener('error', error => { if (event.error.name == 'notreadableerror') { console.log("sensor is not available."); } }); sensor.start(); permissions example using orientation sensors requires requesting permissions for multiple device sensors.
... because the permissions uses promises, a good way to request permissions is to use promise.all.
...And 2 more matches
Clipboard.read() - Web APIs
WebAPIClipboardread
note: the asynchronous clipboard and permissions apis are still in the process of being integrated into most browsers, so they often deviate from the official rules for permissions and the like.
... example after using navigator.permissions.query() to find out if we have (or if the user will be prompted to allow) "clipboard-read" access, this example fetches the data currently on the clipboard.
... // first, ask the permissions api if we have some kind of access to // the "clipboard-read" feature.
...And 2 more matches
RelativeOrientationSensor - Web APIs
to use this sensor, the user must grant permission to the 'accelerometer', and 'gyroscope' device sensors through the permissions api.
... model.quaternion.fromarray(sensor.quaternion).inverse(); }); sensor.addeventlistener('error', error => { if (event.error.name == 'notreadableerror') { console.log("sensor is not available."); } }); sensor.start(); permissions example using orientation sensors requires requsting permissions for multiple device sensors.
... becuase the permissions uses promises, a good way to request permissions is to use promise.all.
...And 2 more matches
XRPermissionDescriptor.requiredFeatures - Web APIs
the xrpermissiondescriptor dictionary's requiredfeatures property should be set prior to calling navigator.permissions.query() to a list of webxr features which must be supported for the app to work.
... this ensures that permissions are checked as applicable to ensure that those features are available upon request.
...the permissions check will be performed in such a manner as to verify that all features in the list are available for use with the user's permission.
...And 2 more matches
OS.File for the main thread
ng path, [optional] in object options); promise<void> removeemptydir(in string path, [optional] in object options); promise<void> removedir(in string path, [optional] in object options); promise<void> setcurrentdirectory(in string path); promise<void> setdates(in string path, in date|number accessdate, in date|number modificationdate); promise<void> setpermissions(in string path, in object options ); promise<file.info> stat(in string path, [optional] in object options); promise<void> unixsymlink(in string targetpath, in string createpath); promise<void> writeatomic(in string path, in arrayview data, in object options); methods os.file.open() use method os.file.open() to open a file.
... ignorepermissions if true, this function will remove the directory even when lacking write permissions.
... os.file.setpermissions() sets the file's access permission bits.
... promise<void> setpermissions( in string path, in object options ) arguments path the complete path to the file.
Index
MozillaTechXPCOMIndex
454 nsicookiepermission cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference the nsicookiepermission interface is used to test for cookie permissions 455 nsicookiepromptservice cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference the nsicookiepromptservice interface is to open a dialog to ask to permission to accept the cookie.
... 649 permissions xpcom, xpcom api reference no summary!
... 650 permissionsoflink no summary!
... 825 nsipermissionmanager interfaces, interfaces:scriptable, xpcom, xpcom interface reference the nsipermissionmanager interface is used to persistently store permissions for different object types (cookies, images, and so on) on a site-by-site basis.
nsIScriptableIO
nsisupports newinputstream(in nsivariant abase, in astring amode, [optional] in astring acharset, [optional] in astring areplacechar, [optional] in unsigned long abuffersize); nsisupports newoutputstream(in nsivariant abase, in astring amode, [optional] in astring acharset, [optional] in astring areplacechar, [optional] in unsigned long abuffersize, [optional] in unsigned long apermissions); nsiuri newuri(in nsivariant auri); methods getfile() retrieves a reference to a file or directory on disk.
... nsisupports newoutputstream( in nsivariant abase, in astring amode, [optional] in astring acharset, [optional] in astring areplacechar, [optional] in unsigned long abuffersize, [optional] in unsigned long apermissions ); parameters abase the base object to which to write.
... apermissions the permissions to use on a newly created file, if applicable.
... typically you will use an actual octal permissions value for this parameter.
nsISecurityCheckedComponent
method overview string cancallmethod(in nsiidptr iid, in wstring methodname); string cancreatewrapper(in nsiidptr iid); string cangetproperty(in nsiidptr iid, in wstring propertyname); string cansetproperty(in nsiidptr iid, in wstring propertyname); methods cancallmethod() returns a capability string indicating what permissions are required to call the specified method on the given interface.
...cancreatewrapper() returns a string indicating what permissions are required to create a wrapper for the given interface.
...cangetproperty() returns the permissions required to get the specified property on the given interface.
...cansetproperty() returns the permissions required to set the specified property on the given interface.
Using the Notifications API - Web APIs
https), and you can no longer allow notification permissions to be requested from cross-origin <iframe>s.
...if you want to support older versions, you might have to use the older callback version, which looks like this: notification.requestpermission(); the callback version optionally accepts a callback function that is called once the user has responded to the request to display permissions.
... example in our todo list demo, we include an "enable notifications" button that, when pressed, requests notification permissions for the app.
... <button id="enable">enable notifications</button> clicking this calls the asknotificationpermission() function: function asknotificationpermission() { // function to actually ask the permissions function handlepermission(permission) { // whatever the user answers, we make sure chrome stores the information if(!('permission' in notification)) { notification.permission = permission; } // set the button to shown or hidden, depending on what the user answers if(notification.permission === 'denied' || notification.permission === 'default') { notificationbtn.style.display = 'block'; } else { notificationbtn.style.display = 'none'; } } // let's check if the browser supports notifications if (!('notification' in window)) { console.log("this br...
OrientationSensor - Web APIs
model.quaternion.fromarray(sensor.quaternion).inverse(); }); sensor.addeventlistener('error', error => { if (event.error.name == 'notreadableerror') { console.log("sensor is not available."); } }); sensor.start(); permissions example using orientation sensors requires requsting permissions for multiple device sensors.
... becuase the permissions uses promises, a good way to request permissions is to use promise.all.
... const sensor = new absoluteorientationsensor(); promise.all([navigator.permissions.query({ name: "accelerometer" }), navigator.permissions.query({ name: "magnetometer" }), navigator.permissions.query({ name: "gyroscope" })]) .then(results => { if (results.every(result => result.state === "granted")) { sensor.start(); ...
... } else { console.log("no permissions to use absoluteorientationsensor."); } }); specifications specification status comment orientation sensorthe definition of 'orientationsensor' in that specification.
Cross-domain Content Scripts - Archive of obsolete content
in particular, they can't: access content hosted in an iframe, if that content is served from a different domain make cross-domain xmlhttprequests however, you can enable these features for specific domains by adding them to your add-on's package.json under the "cross-domain-content" key, which itself lives under the "permissions" key: "permissions": { "cross-domain-content": ["http://example.org/", "http://example.com/"] } the domains listed must include the scheme and fully qualified domain name, and these must exactly match the domains serving the content - so in the example above, the content script will not be allowed to access content served from https://example.com/.
... the "page-script.js" file locates "today's featured article" and sends its content to "main.js": // page-script.js var iframe = window.document.getelementbyid("wikipedia"); var todaysfeaturedarticle = iframe.contentwindow.document.getelementbyid("mp-tfa"); self.postmessage(todaysfeaturedarticle.textcontent); for this to work, we need to add the "cross-domain-content" key to "package.json": "permissions": { "cross-domain-content": ["http://en.m.wikipedia.org/"] } the add-on should successfully retrieve the iframe's content.
...jsonresponse = json.parse(request.responsetext); var summary = getsummary(jsonresponse); var element = document.getelementbyid("forecast_summary"); element.textcontent = summary; }; request.send(); }); function getsummary(forecast) { return forecast.regionalfcst.fcstperiods.period[0].paragraph[0].$; } finally, we need to add the "cross-domain-content" key to "package.json": "permissions": { "cross-domain-content": ["http://datapoint.metoffice.gov.uk"] } content permissions and unsafewindow if you use "cross-domain-content", then javascript values in content scripts will not be available from pages.
widget - Archive of obsolete content
allow object an optional object describing permissions for the content.
... allow a object describing permissions for the content.
... allow a object describing permissions for the content.
Index
} win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "example unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} filepermissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} filepermissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } } } script grammar the script is basic java, allowing lists, key-value pairs, strings, and combin...
... filepermissions sets permissions on any referenced files in a string of octal digits, according to the standard unix format.
... user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these permissions.
NSS tools : modutil
epath { %temp%/setup.hlp } } win32/setup.cab { relativepath { %temp%/setup.cab } } } } win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "example unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} filepermissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} filepermissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } } } script grammar the script is basic java, allowing lists, key-value pairs, strings, and combinations of all of them.
... filepermissions sets permissions on any referenced files in a string of octal digits, according to the standard unix format.
... user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these permissions.
NSS Tools modutil
.cab } } } } win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "fortezza unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} filepermissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} filepermissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } }} script grammar the script file grammar is as follows: --> valuelistvaluelist --> value valuelist <null>value...
... filepermissions interpreted as a string of octal digits, according to the standard unix format.
... this string is a bitwise or of the following constants: user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these permissions.
NSS tools : modutil
MozillaProjectsNSStoolsmodutil
} win95::x86 { equivalentplatform {winnt::x86} } sunos:5.5.1:sparc { modulename { "example unix module" } modulefile { unix/fort.so } defaultmechanismflags{0x0001} cipherenableflags{0x0001} files { unix/fort.so { relativepath{%root%/lib/fort.so} absolutepath{/usr/local/netscape/lib/fort.so} filepermissions{555} } xplat/instr.html { relativepath{%root%/docs/inst.html} absolutepath{/usr/local/netscape/docs/inst.html} filepermissions{555} } } } irix:6.2:mips { equivalentplatform { sunos:5.5.1:sparc } } } script grammar the script is basic java, allowing lists, key-value pairs, strings, and combin...
... filepermissions sets permissions on any referenced files in a string of octal digits, according to the standard unix format.
... user read: 0400 user write: 0200 user execute: 0100 group read: 0040 group write: 0020 group execute: 0010 other read: 0004 other write: 0002 other execute: 0001 some platforms may not understand these permissions.
nsICookiePermission
the nsicookiepermission interface is used to test for cookie permissions netwerk/cookie/nsicookiepermission.idlscriptable please add a summary to this article.
...setaccess() sets cookie access permissions for the given uri.
...aaccess the new cookie access permissions for the uri.
nsIPermissionManager
the nsipermissionmanager interface is used to persistently store permissions for different object types (cookies, images, and so on) on a site-by-site basis.
... in string type); pruint32 testexactpermissionfromprincipal(in nsiprincipal principal, in string type); pruint32 testpermission(in nsiuri uri, in string type); pruint32 testpermissionfromprincipal(in nsiprincipal principal, in string type); attributes attribute type description enumerator nsisimpleenumerator enumerates all stored permissions.
... removepermission() remove a given permission from the stored permissions.
Clipboard - Web APIs
WebAPIClipboard
calls to the methods of the clipboard object will not succeed if the user hasn't granted the needed permissions using the permissions api and the "clipboard-read" or "clipboard-write" permission as appropriate.
... for example, firefox does not yet support the "clipboard-read" and "clipboard-write" permissions, so access to the methods that access and change the contents of the clipboard are restricted in other ways.
... for webextensions, you can request the clipboardread and clipboardwrite permissions to be able to use clipboard.readtext() and clipboard.writetext().
MediaDevices.getUserMedia() - Web APIs
on browsers that support managing media permissions with feature policy, this error is returned if feature policy is not configured to allow access to the input source(s).
... the two permissions that apply to getusermedia() are camera and microphone.
...these kinds of urls loaded from javascript code inherit the script's permissions.
PushManager - Web APIs
pushmanager.permissionstate() returns a promise that resolves to the permission state of the current pushmanager, which will be one of 'granted', 'denied', or 'prompt'.
... deprecated methods pushmanager.haspermission() returns a promise that resolves to the pushpermissionstatus of the requesting webapp, which will be one of granted, denied, or default.
... replaced by pushmanager.permissionstate().
Web APIs
WebAPI
fullscreen apiggamepad api geolocation apihhtml drag and drop apihigh resolution timehistory apiiimage capture apiindexeddbintersection observer apillong tasks api mmedia capabilities api media capture and streamsmedia session apimedia source extensions mediastream recordingnnavigation timingnetwork information api ppage visibility apipayment request apiperformance apiperformance timeline apipermissions apipointer eventspointer lock apiproximity events push api rresize observer apiresource timing apisserver sent eventsservice workers apistoragestorage access apistreams ttouch eventsuurl apivvibration apivisual viewport wweb animationsweb audio apiweb authentication apiweb crypto apiweb notificationsweb storage apiweb workers apiwebglwebrtcwebvttwebxr device apiwebsockets api interfaces th...
... paymentresponse paymentvalidationerrors pbkdf2params performance performanceentry performanceeventtiming performanceframetiming performancelongtasktiming performancemark performancemeasure performancenavigation performancenavigationtiming performanceobserver performanceobserverentrylist performancepainttiming performanceresourcetiming performanceservertiming performancetiming periodicwave permissionstatus permissions photocapabilities plugin pluginarray point pointerevent popstateevent positionoptions processinginstruction progressevent promiserejectionevent publickeycredential publickeycredentialcreationoptions publickeycredentialrequestoptions pushevent pushmanager pushmessagedata pushregistrationmanager pushsubscription r rtcansweroptions rtccertificate rtcconfiguratio...
...est xmlhttprequesteventtarget xmlhttprequestresponsetype xmlserializer xpathevaluator xpathexception xpathexpression xpathnsresolver xpathresult xrboundedreferencespace xrenvironmentblendmode xreye xrframe xrframerequestcallback xrhandedness xrinputsource xrinputsourcearray xrinputsourceevent xrinputsourceeventinit xrinputsourceschangeevent xrinputsourceschangeeventinit xrpermissiondescriptor xrpermissionstatus xrpose xrreferencespace xrreferencespaceevent xrreferencespaceeventinit xrreferencespacetype xrrenderstate xrrenderstateinit xrrigidtransform xrsession xrsessionevent xrsessioneventinit xrsessioninit xrsessionmode xrspace xrsystem xrtargetraymode xrview xrviewerpose xrviewport xrvisibilitystate xrwebgllayer xrwebgllayerinit xsltprocessor ...
Interacting with page scripts - Archive of obsolete content
to do this, add an option called “unsafe-content-script” under the “permissions” key in package.json, and set it to true.
... "permissions": { "unsafe-content-script": true } this is only a temporary migration aid, and will be removed eventually.
page-worker - Archive of obsolete content
allow object an object with keys to configure the permissions on the page worker.
... allow a object describing permissions for the content.
panel - Archive of obsolete content
allow object an optional object describing permissions for the content.
... allow an object describing permissions for the content.
content/symbiont - Archive of obsolete content
allow object permissions for the content, with the following keys: script boolean whether or not to execute script in the content.
... allow permissions for the content, with a single boolean key called script which defaults to true and indicates whether or not to execute scripts in the content.
package.json - Archive of obsolete content
others, such as lib, permissions, and preferences, represent instructions to the jpm tool itself to generate and include particular code and data structures in your add-on.
... permissions an object describing the set of permissions that the add-on needs.
Session store API - Archive of obsolete content
the tab's persistent xul attributes (those saved due to calls to persisttabattribute()) and permissions are restored.
... if you want to set permissions or otherwise manipulate a restored tab before the page is loaded into it, you should watch sstabrestoring.
Bypassing Security Restrictions and Signing Code - Archive of obsolete content
early versions of firefox allowed web sites to segregate principals using signed scripts, and request extra permissions for scopes within signed scripts using a function called enableprivelege.
... sites that require additional permissions should now ask firefox users to install an extension, which can interact with non-privileged pages if needed.
XUL Structure - Archive of obsolete content
both html and xul placed on a web site have no extra permissions; however both html and xul loaded through a chrome url have enhanced permissions.
...just copying a xul file into the chrome directory doesn't give the file any extra permissions, nor can it be accessed via a chrome url.
application/http-index-format specification - Archive of obsolete content
file-type one of the following keywords to represent a special status for a file: file directory symbolic-link sym-file (a symbolic link to a file) sym-directory (a symbolic link to a directory) permissions unix type file permission syntax.
... 3 slots either 'r', 'w', 'x', or '-' representing, in order, read, write, or execute permissions.
Mozprofile - Archive of obsolete content
setting permissions mozprofile also takes care of adding permissions to the profile.
... see https://github.com/mozilla/mozbase/b...permissions.py resources other mozilla programs offer additional and overlapping functionality for profiles.
Common Firefox theme issues and solutions - Archive of obsolete content
about:permissions domain names don't line up in about:permissions the domains on the domain list of about:permissions do not line up properly due to missing placeholder icons for domains without favicons.
... this issue is fixed by adding the following css instructions to the file browser/preferences/aboutpermissions.css: .site-favicon { height: 16px; width: 16px; -moz-margin-end: 4px; list-style-image: url("chrome://mozapps/skin/places/defaultfavicon.png"); } web developer tools web developer toolbar {to be added} web console web console buttons do not change appearance on the web console (tools > web developer > web console), the toolbar buttons on the left-hand side do not change their appearance between their toggled on and toggled off status as a result it is not possible to determine which buttons are enabled.
From object to iframe — other embedding technologies - Learn web development
always use the sandbox attribute you want to give attackers as little power as you can to do bad things on your website, therefore you should give embedded content only the permissions needed for doing its job.
... if absolutely required, you can add permissions back one by one (inside the sandbox="" attribute value) — see the sandbox reference entry for all the available options.
Android-specific test suites
for example, to disable org.mozilla.gecko.permissions.testsuccessrunnableisexecutedifpermissionsaregranted, add @ignore as follows: ...
... @runwith(testrunner.class) public class testpermissions { @ignore @test public void testsuccessrunnableisexecutedifpermissionsaregranted() { ...
What to do and what not to do in Bugzilla
if you need faster access to get canconfirm or editbugs, especially in order to triage bugs or to participate in a bug day, then you can ask in #bmo on irc, or you may create a bug requesting permissions.
...the same is true for editbugs: leave comments with the information you'd like to be able to edit into the bug, and that will help you get the editbugs permissions quickly.
FileUtils.jsm
ly parameter to pr_open mode_wronly 0x02 corresponds to the pr_wronly parameter to pr_open mode_create 0x08 corresponds to the pr_create_file parameter to pr_open mode_append 0x10 corresponds to the pr_append parameter to pr_open mode_truncate 0x20 corresponds to the pr_truncate parameter to pr_open perms_file 0644 default permissions when creating files.
... perms_directory 0755 default permissions when creating directories methods getfile() gets a file at the specified hierarchy under a nsidirectoryservice key.
Named Shared Memory
referenced directories should have permissions appropriate for writing.
...set permissions and or access controls at create and attach time to ensure you get the desired security.
Secure Development Guidelines
s foo { private: char *ptr; public: foo() {} ~foo() { if (ptr) free(ptr); } }; constructor/destructor issues: prevention initialize the data members of an object in the constructor writing secure code: miscellaneous file i/o a lot can go wrong because a lot can be done with file input and output filenames permissions file handles and descriptors file i/o: filename divided in directories, subdirectories, and the file itself ‘/’ is separator; in windows ‘\’ would work too int openfile(char *file) { handle fh; if (strstr(file, “\”)) return -1; fh = createfilea(file, ...); writefile(fh, data, sizeofdata, null, null); } could be a normal file, direct...
...ory, device, or link directory traversal (../../../../) file i/o: file permissions should be set correctly be sure not to make world-writable files sensitive files shouldn’t be world readable file i/o: file descriptors and handles could be a race if instances of fh are shared between threads fh inheritence: default in unix, needs to be set in windows int main(int argc, char **argv, char **envp) { int fd = open("/etc/shadow", o_rdwr); setreuid(getuid(), getuid()); excve("/bin/sh", argv, envp); } suid root applications file i/o: file descriptors and handles potential overflows when using select fd_set struct, static length, holds a bitmask of fds manipulated with fd_set, fd_isset, fd_clr and fd_zero macros fd_set’s size depends on the operating system if ...
nsILocalFile
mode a unix-style file permissions value.
...this parameter may be ignored on systems that do not support file permissions.
WebIDL bindings
checking for permissions or preferences with js-implemented webidl, the init method should only return undefined.
... for permissions or other kinds of checking, add an extended attribute func="mypermissionchecker" where mypermissionchecker is a function implemented in c++ that returns true if the interface should be enabled.
MediaDeviceInfo.label - Web APIs
only available during active mediastream use, or when persistent permissions have been granted.
...for security reasons, the label is always an empty string ("") if the user has not obtained permission to use at least one media device, either by starting a stream from the microphone or camera, or by persistent permissions being granted.
Navigator - Web APIs
WebAPINavigator
navigator.permissions read only returns a permissions object that can be used to query and update permission status of apis covered by the permissions api.
... navigatorstorage.storage read only returns the singleton storagemanager object used for managing persistence permissions and estimating available storage on a site-by-site/app-by-app basis.
Notification.requestPermission() - Web APIs
function notifyme() { // let's check if the browser supports notifications if (!("notification" in window)) { alert("this browser does not support desktop notification"); } // let's check whether notification permissions have already been granted else if (notification.permission === "granted") { // if it's okay let's create a notification var notification = new notification("hi there!"); } // otherwise, we need to ask the user for permission else if (notification.permission !== "denied") { notification.requestpermission().then(function (permission) { // if the user accepts, let's create...
...} we no longer show a live sample on this page, as chrome and firefox no longer allow notification permissions to be requested from cross-origin <iframe>s, with other browsers to follow.
Notification - Web APIs
function notifyme() { // let's check if the browser supports notifications if (!("notification" in window)) { alert("this browser does not support desktop notification"); } // let's check whether notification permissions have already been granted else if (notification.permission === "granted") { // if it's okay let's create a notification var notification = new notification("hi there!"); } // otherwise, we need to ask the user for permission else if (notification.permission !== "denied") { notification.requestpermission().then(function (permission) { // if the user accepts, let's create...
...} we no longer show a live sample on this page, as chrome and firefox no longer allow notification permissions to be requested from cross-origin <iframe>s, with other browsers to follow.
PushManager.hasPermission() - Web APIs
the pushmanager.haspermission() method of the pushmanager interface returns a promise that resolves to the pushpermissionstatus of the requesting webapp, which will be one of granted, denied, or default.
... syntax ​pushmanager.haspermission().then(function(pushpermissionstatus) { ...
Starting up and shutting down a WebXR session - Web APIs
permissions and security there are a number of security measures in place revolving around webxr.
... for more specifics about securing webxr actitvities and usage, see the article permissions and security for webxr.
WorkerNavigator - Web APIs
workernavigator.permissions read only returns a permissions object that can be used to query and update permission status of apis covered by the permissions api.
... navigator.storageread only returns a storagemanager interface for managing persistance permissions and estimating available storage.
XRPermissionDescriptor.mode - Web APIs
the mode property of the xrpermissiondescriptor dictionary is a string taken from the xrsessionmode enumerated type, specifying which web xr session mode (inline, immersive-vr, or immersive-ar) the described permissions will be used for.
... let xrpermissiondesc = { name: "xr", mode: "immersive-vr" }; if (navigator.permissions) { navigator.permissions.query(xrpermissiondesc).then(({state}) => { switch(state) { case "granted": setupxr(); break; case "prompt": promptandsetupxr(); break; default: /* do nothing otherwise */ break; } .catch(err) { console.log(err); } } else { setupxr(); } specifications specification status ...
Feature Policy - HTTP
the feature-policy header has now been renamed to permissions-policy in the spec, and this article will eventually be updated to reflect that change.
...where available, the feature integrates with the permissions api, or feature-specific mechanisms to check if the feature is available.
Feature-Policy - HTTP
the header has now been renamed to permissions-policy in the spec, and this article will eventually be updated to reflect that change.
... specifications specification permissions policy ...
Navigator.mozNotification - Archive of obsolete content
permissions when using notifications in an open web app, be sure to add the desktop-notification permission in your manifest file: "permissions": { "desktop-notification": {} } usage notes in firefox 22+, the instantiation of a new notification should be done with the notification object by calling new notification(title, options).
Content Scripts - Archive of obsolete content
however, you can enable these features for specific domains by adding them to your add-on's package.json under the "cross-domain-content" key, which itself lives under the "permissions" key.
private-browsing - Archive of obsolete content
opting into private browsing add-ons built using the sdk must opt into private browsing by setting the following key in their package.json file: "permissions": {"private-browsing": true} if an add-on has not opted in, then the high-level sdk modules will not expose private windows, or objects (such as tabs) that are associated with private windows: the windows module will not list any private browser windows, generate any events for private browser windows, or let the add-on open any private browser windows the tabs module will not list a...
content/loader - Archive of obsolete content
allow permissions for the content, with the following keys: ...
Extension Packaging - Archive of obsolete content
when using this method you must verify that the file system permissions for the directories, and files for the extension, are set properly.
How to convert an overlay extension to restartless - Archive of obsolete content
(note that the usage of an octal integer literal, while standard for handling permissions, is dangerous and deprecated; usage of use es5 strict mode to disable this and other foot-guns is recommended) if you need to read/manipulate binary data, a nsibinaryinputstream instance is what you'll use on that stream (e.g.
Appendix: What you should know about open-source software licenses - Archive of obsolete content
duplication: copying a piece of software distribution: passing a piece of software to another person modification: modifying the software a typical software license will grant these permissions in return for a fee, and will still restrict some normally unrestricted uses.
Local Storage - Archive of obsolete content
let localdir = directoryservice.get("profd", ci.nsifile); localdir.append("xulschool"); if (!localdir.exists() || !localdir.isdirectory()) { // read and write permissions to owner and group, read-only for others.
Extensions support in SeaMonkey 2 - Archive of obsolete content
are listed below: url in firefox url in seamonkey overlays chrome://browser/content/browser.xul chrome://navigator/content/navigator.xul main browser window chrome://browser/content/pageinfo/pageinfo.xul chrome://navigator/content/pageinfo/pageinfo.xul page info window chrome://browser/content/preferences/permissions.xul chrome://communicator/content/permis...onsmanager.xul permissions manager dialog urls added in 2.1 url in firefox url in seamonkey chrome://browser/content/bookmarks/bookmarkspanel.xul chrome://communicator/content/bookmarks/bm-panel.xul chrome://browser/content/places/places.xul chrome://communicator/...
Index - Archive of obsolete content
3416 bypassing security restrictions and signing code security, web development early versions of firefox allowed web sites to segregate principals using signed scripts, and request extra permissions for scopes within signed scripts using a function called enableprivelege.
Index of archived content - Archive of obsolete content
homeprovider.jsm homestorage nativewindow contextmenus doorhanger menu toast notifications.jsm pageactions.jsm prompt.jsm runtimepermissions.jsm snackbars.jsm sound.jsm tab addons developer guide code snippets creating a user interface firefox hub walkthrough initialization and cleanup prerequisites walkthrough webextensions for firefox for android ...
Java in Firefox Extensions - Archive of obsolete content
s leading to this jar and all other jars in your extension within an array of java.net.url's, pass to java.net.urlclassloader to get a class loader, and finally pass the classloader and array to a function which gives the necessary privileges: // this function will be called to give the necessary privileges to your jar files // however, the policy never comes into play, because // (1) adding permissions doesn't add to the policy itself, and // (2) addurl alone does not set the grant codebase function policyadd (loader, urls) { try { //if have trouble with the policy try changing it to //edu.mit.simile.javafirefoxextensionutils.urlsetpolicy var str = 'edu.mit.simile.javafirefoxextensionutils.urlsetpolicy'; var policyclass = java.lang.class.forname( ...
Remotely debugging Firefox for Metro - Archive of obsolete content
tip: if the remote connection times out, flip to the desktop via the desktop tile and check if windows firewall has thrown up an incoming connection permissions prompt.
Return Codes - Archive of obsolete content
read_only -215 the specified file cannot be deleted because its permissions are set to read only.
IO - Archive of obsolete content
ArchiveMozillaXULFileGuideIO
retrieve a file object for information about getting a file object, see accessing files get information about a file available information about a file include the permissions, size, and last modified date of a file.
Manifest Files - Archive of obsolete content
this latter chrome directory is normally the one used since the application directory might not have sufficient permissions to write into it.
iframe - Archive of obsolete content
warning: when used in chrome-privileged documents (either html or xul) such as firefox addons, the contents of the frame may have the same permissions as firefox itself.
prefwindow - Archive of obsolete content
for example the permissions manager ui in firefox uses the same window for three dialogs: images, software installation and popups.
Deploying XULRunner - Archive of obsolete content
to make it all work, change the permissions of your bundle by running chmod -r 755 yourapp.app.
Logging Multi-Process Plugins - Archive of obsolete content
make sure you have write permissions to wherever you wish to save the log.
CSRF - MDN Web Docs Glossary: Definitions of Web-related terms
this can be done, for example, by including malicious parameters in a url behind a link that purports to go somewhere else: <img src="https://www.example.com/index.php?action=delete&id=123"> for users who have modification permissions on https://www.example.com, the <img> element executes action on https://www.example.com without their noticing, even if the element is not at https://www.example.com.
Third-party APIs - Learn web development
third party apis have a slightly different permissions system — they tend to use developer keys to allow developers access to the api functionality, which is more to protect the api vendor than the user.
Client-Server Overview - Learn web development
cookies contain session data about the client, including keys that the server can use to determine their login status and permissions/accesses to resources.
Server-side web frameworks - Learn web development
deno modules restrict permissions to file, network, or environment access unless explicitly allowed.
Website security - Learn web development
sql injection sql injection vulnerabilities enable malicious users to execute arbitrary sql code on a database, allowing data to be accessed, modified, or deleted irrespective of the user's permissions.
Server-side website programming - Learn web development
learning pathway getting started with server-side programming is usually easier than client-side development, because dynamic websites tend to perform a lot of very similar operations (retrieving data from a database and displaying it in a page, validating user-entered data and saving it in a database, checking user permissions and logging users in, etc.), and are constructed using web frameworks that make these and other common web server operations easy.
Introduction to automated testing - Learn web development
to update npm, use the following command in your terminal: npm install npm@latest -g note: if the above command fails with permissions errors, fixing npm permissions should sort you out.
Embedding API for Accessibility
we have a permissions system for cookies and images based on url's.
Testopia
testopia allows users to login to one tool and uses bugzilla group permissions to limit access to modifying test objects.
Eclipse CDT Manual Setup
download just-print-mozilla-build.py and change its permissions to make it executable ('chmod a+x just-print-mozilla-build.py').
Reviewer Checklist
android permissions should be 'grouped' into a common release to avoid breaking auto-updates.
Error codes returned by Mozilla APIs
ns_error_file_access_denied (0x80520015) an operation was not performed on a file because the file cannot be accessed, typically because the permissions set for the file do not allow the operation.
Blocked: Custom cookie permission
the permission can be changed or removed by: going to preferences > content blocking > cookies and site data clicking on the manage permissions button and updating the listed exceptions ...
HTMLIFrameElement.clearMatch()
note: use of the browser api requires a privileged app, and browser and/or embed-apps permissions, depending on what you want to do.
HTMLIFrameElement.executeScript()
note: use of the browser api requires a privileged app, and browser and/or embed-apps permissions, depending on what you want to do.
HTMLIFrameElement.findAll()
note: use of the browser api requires a privileged app, and browser and/or embed-apps permissions, depending on what you want to do.
HTMLIFrameElement.findNext()
note: use of the browser api requires a privileged app, and browser and/or embed-apps permissions, depending on what you want to do.
Addon
permissions read only integer a bitfield holding all the the operations that can be performed on this add-on.
AddonManager
permissions constant description perm_can_uninstall this add-on can be uninstalled.
JNI.jsm
with this module, all of the android sdk functions that firefox has permissions for are at your fingertips.
Webapps.jsm
ps.jsm"); // exported symbol is domapplicationregistry method overview init: function() loadcurrentregistry: function() notifyappsregistrystart: function notifyappsregistrystart() notifyappsregistryready: function notifyappsregistryready() sanitizeredirects: function sanitizeredirects(asource) _savewidgetsfullpath: function(amanifest, adestapp) appkind: function(aapp, amanifest) updatepermissionsforapp: function(aid, aispreinstalled) updateofflinecacheforapp: function(aid) installpreinstalledapp: function installpreinstalledapp(aid) removeifhttpsduplicate: function(aid) installsystemapps: function() loadandupdateapps: function() updatedatastore: function(aid, aorigin, amanifesturl, amanifest) _registersystemmessagesforentrypoint: function(amanifest, aapp, aentrypoint) _registerint...
NSS 3.19.2.3 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the permissions of the user.
NSS 3.21.1 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the permissions of the user.
NSS 3.22.2 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the permissions of the user.
NSS 3.23 release notes
an attacker could create a specially-crafted certificate which, when parsed by nss, would cause a crash or execution of arbitrary code with the permissions of the user.
Rhino shell
note if the shell is invoked with the system property rhino.use_java_policy_security set to true and with a security manager installed, the shell restricts scripts permissions based on their urls according to java policy settings.
Starting WebLock
that interface includes members representing the file name, file attributes, permissions, existence, and others.
nsIFileOutputStream
if set to -1 the default permissions (0664) will be used.
nsIPropertyBag
e:"mozilla" appname:"netscape" appversion:"5.0 (windows)" battery:batterymanager buildid:"20140529161749" cookieenabled:true donottrack:"yes" geolocation:geolocation language:"en-us" mimetypes:mimetypearray mozalarms:null mozapps:xpcwrappednative_nohelper mozcameras:cameramanager mozconnection:mozconnection mozcontacts:contactmanager mozid:null mozkeyboard:xpcwrappednative_nohelper mozpay:null mozpermissionsettings:null mozphonenumberservice:phonenumberservice mozpower:mozpowermanager moztcpsocket:null online:true oscpu:"windows nt 5.1" platform:"win32" plugins:pluginarray product:"gecko" productsub:"20100101" useragent:"mozilla/5.0 (windows nt 5.1; rv:30.0) gecko/20100101 firefox/30.0" vendor:"" vendorsub:"" __proto__:navigatorprototype from here we can easily see the operating system version.
nsIToolkitProfileService
this may throw an ns_error_failure (0x80004005) when trying to get the current profile if it's unavailable or if permissions restrict access.
nsIWinAppHelper
returns true only if all the following conditions are all true at once: the operating system is at least windows vista user account control is enabled the user is an administrator the application is not already running with elevated permissions otherwise it returns false.
nsIZipReader
ointer', entrypointer); /* console output * "entrypointer" "bootstrap.js" scratchpad/1:18 */ console.info('entry', entry); /* console output * "entry" xpcwrappednative_nohelper { queryinterface: queryinterface(), compression: getter, size: getter, realsize: getter, crc32: getter, isdirectory: getter, lastmodifiedtime: getter, issynthetic: getter, permissions: getter, compression: 8 } scratchpad/1:19 */ if (!entry.isdirectory) { var inputstream = zr.getinputstream(entrypointer); reusablestreaminstance.init(inputstream); var filecontents = reusablestreaminstance.read(entry.realsize); console.log('contenst of file=', filecontents); } else { console.log('is directory, no...
Virtualenv
you may need to use sudo to obtain appropriate permissions for the system.
about:debugging (before Firefox 68) - Firefox Developer Tools
this does what it says: reloading any persistent scripts, such as background scripts parsing the manifest.json file again, so changes to permissions, content_scripts, browser_action or any other keys will take effect.
about:debugging - Firefox Developer Tools
this does what it says: reloads any persistent scripts, such as background scripts parses the manifest.json file again, so changes to permissions, content_scripts, browser_action or any other keys take effect installed extensions the permanently installed extensions are listed in the next section, extensions.
Accelerometer - Web APIs
to use this sensor, the user must grant permission to the 'accelerometer', device sensor through the permissions api.
AmbientLightSensor - Web APIs
to use this sensor, the user must grant permission to the 'ambient-light-sensor' device sensor through the permissions api.
Clipboard.readText() - Web APIs
the "clipboard-read" permission of the permissions api must be granted before you can read data from the clipboard.
Clipboard.write() - Web APIs
WebAPIClipboardwrite
the "clipboard-write" permission of the permissions api, is granted automatically to pages when they are in the active tab.
Clipboard.writeText() - Web APIs
the "clipboard-write" permission of the permissions api, is granted automatically to pages when they are in the active tab.
ClipboardItem - Web APIs
access to the contents of the clipboard is gated behind the permissions api: the clipboard-write permission is granted automatically to pages when they are in the active tab.
Clipboard API - Web APIs
access to the contents of the clipboard is gated behind the permissions api: the clipboard-write permission is granted automatically to pages when they are in the active tab.
FeaturePolicy.allowedFeatures() - Web APIs
please note that these features might be restricted by the permissions api, if the user did not grant the corrsponding permission yet.
FeaturePolicy.allowsFeature() - Web APIs
please note that camera api might be restricted by the permissions api, if the user did not grant the corresponding permission yet.
FeaturePolicy.features() - Web APIs
feature whose name appears on the list might not be allowed by the feature policy of the current execution context and/or might not be accessible because of user's permissions.
FeaturePolicy.getAllowlistForFeature() - Web APIs
please note that camera api might be restricted by the permissions api, if the user did not grant the corrsponding permission yet.
FeaturePolicy - Web APIs
feature whose name appears on the list might not be allowed by the feature policy of the current execution context and/or might not be accessible because of user's permissions.
FileSystemEntry.remove() - Web APIs
fileerror.security_err the entry couldn't be removed due to permissions or other access constraints, or because there are too many calls being made on file resources.
Gyroscope - Web APIs
WebAPIGyroscope
to use this sensor, the user must grant permission to the 'gyroscope' device sensor through the permissions api.
Audio() - Web APIs
the event-based approach is best: myaudioelement.addeventlistener("canplaythrough", event => { /* the audio is now playable; play it if permissions allow */ myaudioelement.play(); }); memory usage and management if all references to an audio element created using the audio() constructor are deleted, the element itself won't be removed from memory by the javascript runtime's garbage collection mechanism if playback is currently underway.
Using IndexedDB - Web APIs
<iframe> content) cannot access indexeddb if the browser is set to never accept third party cookies (see bug 1147821.) warning about browser shutdown when the browser shuts down (because the user chose the quit or exit option), the disk containing the database is removed unexpectedly, or permissions are lost to the database store, the following things happen: each transaction on every affected database (or all open databases, in the case of browser shutdown) is aborted with an aborterror.
LinearAccelerationSensor - Web APIs
to use this sensor, the user must grant permission to the 'accelerometer' device sensor through the permissions api.
Magnetometer - Web APIs
to use this sensor, the user must grant permission to the 'magnetometer' device sensor through the permissions api.
MediaDeviceInfo - Web APIs
+ " id = " + device.deviceid); }); }) .catch(function(err) { console.log(err.name + ": " + err.message); }); this might produce: videoinput: id = cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: id = rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: id = r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= or if one or more media streams are active, or if persistent permissions have been granted: videoinput: facetime hd camera (built-in) id=cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: default (built-in microphone) id=rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: built-in microphone id=r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= specifications specification status comment media capture and streamsthe definition of 'medi...
MediaDevices.enumerateDevices() - Web APIs
bel + " id = " + device.deviceid); }); }) .catch(function(err) { console.log(err.name + ": " + err.message); }); this might produce: videoinput: id = cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: id = rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: id = r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= or if one or more mediastreams are active or persistent permissions are granted: videoinput: facetime hd camera (built-in) id=cso9c0ypaf274oucpua53cne0yhlir2yxci+sqfbzz8= audioinput: default (built-in microphone) id=rkxxbyjnabbadgqnnzqlvldmxls0yketycibg+xxnvm= audioinput: built-in microphone id=r2/xw1xupiyzunfv1lgrkoma5wtovckwfz368xcndm0= specifications specification status comment media capture and streamsthe definition of 'mediadevic...
MediaDevices - Web APIs
ndow.stream = stream; // make variable available to browser console video.srcobject = stream; }) .catch(function(error) { if (error.name === 'constraintnotsatisfiederror') { errormsg('the resolution ' + constraints.video.width.exact + 'x' + constraints.video.height.exact + ' px is not supported by your device.'); } else if (error.name === 'permissiondeniederror') { errormsg('permissions have not been granted to use your camera and ' + 'microphone, you need to allow the page access to your devices in ' + 'order for the demo to work.'); } errormsg('getusermedia error: ' + error.name, error); }); function errormsg(msg, error) { errorelement.innerhtml += '<p>' + msg + '</p>'; if (typeof error !== 'undefined') { console.error(error); } } specifications ...
MediaStreamTrack: ended event - Web APIs
the user revoked the permissions needed for the data to be sent.
MediaStreamTrack.onended - Web APIs
this event occurs when the track will no longer provide data to the stream for any reason, including the end of the media input being reached, the user revoking needed permissions, the source device being removed, or the remote peer ending a connection.
Navigator.clipboard - Web APIs
this permission must be obtained from the permissions api using the "clipboard-read" and/or "clipboard-write" permissions.
Notification.permission - Web APIs
function notifyme() { // let's check if the browser supports notifications if (!("notification" in window)) { console.log("this browser does not support desktop notification"); } // let's check whether notification permissions have alredy been granted else if (notification.permission === "granted") { // if it's okay let's create a notification var notification = new notification("hi there!"); } // otherwise, we need to ask the user for permission else if (notification.permission !== 'denied' || notification.permission === "default") { notification.requestpermission(function (permission) { // ...
Notifications API - Web APIs
note: as of firefox 44, the permissions for notifications and push have been merged.
PushRegistrationManager - Web APIs
pushregistrationmanager.haspermission() returns a promise that resolves to the pushpermissionstatus of the requesting webapp.
RTCPeerConnection.close() - Web APIs
this also releases any resources in use by the ice agent, including turn permissions.
StorageManager - Web APIs
the storagemanager interface of the the storage api provides an interface for managing persistance permissions and estimating available storage.
Storage API - Web APIs
note: see using the permissions api for further details about obtaining and managing permissions.
WebRTC connectivity - Web APIs
there may be permissions issues or other problems as well, for that matter.
Introduction to the Real-time Transport Protocol (RTP) - Web APIs
it isn't adequate for the purposes of fully managing users, memberships, permissions, and so forth, but provides the basics needed for an unrestricted multi-user communication session.
WebXR Device API - Web APIs
permissions and security for webxr the webxr device api has several areas of security to contend with, from establishing feature-policy to ensuring the user intends to use the mixed reality presentation before activating it.
Using the Web Speech API - Web APIs
firefox os 2.5+ supports it, by default, and without the need for any permissions.
WindowOrWorkerGlobalScope.fetch() - Web APIs
a fetch() promise only rejects when a network error is encountered (which is usually when there’s a permissions issue or similar).
XRPermissionDescriptor.optionalFeatures - Web APIs
xrreferencespace usage notes examples let xrpermissiondesc = { name: "xr", mode: "immersive-vr", optionalfeatures: [ "bounded-floor" ] }; if (navigator.permissions) { navigator.permissions.query(xrpermissiondesc).then(({state}) => { switch(state) { case "granted": setupxr(); break; case "prompt": promptandsetupxr(); break; default: /* do nothing otherwise */ break; } .catch(err) { console.log(err); } } else { setupxr(); } specifications specification status ...
XRSystem: requestSession() - Web APIs
this can happen for a number of reasons, which are covered in more detail in permissions and security in webxr device api.
Guide to Web APIs - Developer guides
WebGuideAPI
fullscreen apiggamepad api geolocation apihhtml drag and drop apihigh resolution timehistory apiiimage capture apiindexeddbintersection observer apillong tasks api mmedia capabilities api media capture and streamsmedia session apimedia source extensions mediastream recordingnnavigation timingnetwork information api ppage visibility apipayment request apiperformance apiperformance timeline apipermissions apipointer eventspointer lock apiproximity events push api rresize observer apiresource timing apisserver sent eventsservice workers apistoragestorage access apistreams ttouch eventsuurl apivvibration apivisual viewport wweb animationsweb audio apiweb authentication apiweb crypto apiweb notificationsweb storage apiweb workers apiwebglwebrtcwebvttwebxr device apiwebsockets api ...
<iframe>: The Inline Frame element - HTML: Hypertext Markup Language
WebHTMLElementiframe
see the article privacy, permissions, and information security for details on security issues and how <iframe> works with feature policy to keep systems safe.
Feature-Policy: xr-spatial-tracking - HTTP
specifications specification status comment webxr device apithe definition of 'permissions policy' in that specification.
OPTIONS - HTTP
WebHTTPMethodsOPTIONS
access-control-max-age the above permissions may be cached for 86,400 seconds (1 day).
eval() - JavaScript
if you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension.
Autoplay guide for media and Web Audio APIs - Web media technologies
feature-policy: autoplay 'self'; fullscreen the same permissions, grated using the <iframe> element's allow property, look like this: <iframe src="mediaplayer.html" allow="autoplay 'src'; fullscreen"> </iframe> example: allowing autoplay from specific sources the feature-policy header to allow media to be played from both the document's (or <iframe>'s) own domain and https://example.media looks like this: feature-policy: autoplay 'self' https://ex...
Web technology for developers
accessibilitycss houdinicss: cascading style sheetsdemos of open web technologiesdeveloper guidesexsltevent referencehtml: hypertext markup languagehttpjavascriptmathmlopensearch description formatprivacy, permissions, and information securityprogressive web apps (pwas)svg: scalable vector graphicstutorialsweb apisweb componentsweb performanceweb app manifestsweb media technologiesweb securityweb technology referencexml: extensible markup languagexpathxslt: extensible stylesheet language transformations ...
Caching compiled WebAssembly modules - WebAssembly
if opening the database failed (for example due to permissions or quota), we fall back to simply fetching and compiling the module and don't try to store the results (since there is no database to store them into).
WebAssembly Concepts - WebAssembly
like other web code, it will enforce the browser's same-origin and permissions policies.