Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
firefox wont allow the javascript to save a file in client machine is the browser security policy
https://addons.mozilla.org/en-US/firefox/addon/1046
the above linked addon can save a file then why cant we save a file in the filesystem using javascript
Code that is part of an extension the user explicitly chose to install is trusted more than code running on a page the user happens to visit. Thus, Firefox allows extension code this functionality (accessing the filesystem), but does not allow code running in a webpage to do this.
This makes sense: it’s much easier for an attacker to get a user to accidentally visit his malicious page and run it’s javascript (with invisible iframes, for example), than it is for an attacker to get the user to install a malicious extension. Additionally, Mozilla code reviews every extension on their website to make sure they aren’t malicious.
I should also note that extensions don’t have to be written in Javascript. Many of them are written in native code (C++ usually), and there are XPCOM (one of the ways extensions interface with the browser) bindings for other languages as well (Python, for example).