I have this bookmarklet, i.e. it does not start with ‘http:’ but with ‘javascript:’. No issue with that, it works correctly.
The problem occurs when I want to deploy this to users. I’d like to present them a link they’ll just click to add to their favorites. Whatever methods I use (examples found on the web, or jQuery with jFav), I end up with a JavaScript error ‘permission denied’ when clicking the link, though it works perfectly when the link to bookmark is a classic ‘http’ one.
I believe that’s some security in browsers, but is there a way to avoid this?
It is indeed a security measure. If a user could be tricked into bookmarking and running a javascript: URL, that’s pretty much global cross-site-scripting.
About all you can do is present the user with a javascript: link, and ask them to bookmark it via right-click-bookmark or drag-to-bookmarks. You should also write the link out so it can be copy-and-pasted and manually bookmarked, because some browsers won’t present right-click-bookmark for a JavaScript link, and others may not have a bookmarks bar visible.
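One way to build the install snippet the answer describes (a draggable javascript: link plus the same URL written out for copy-and-paste), as an added example that is not part of the original answer. The function names, the label and the sample bookmarklet source are hypothetical.

```javascript
// Added example. All function names and the sample bookmarklet are hypothetical.

// Escape text for HTML text nodes and double-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Turn bookmarklet source into a javascript: URL.
function toBookmarkletUrl(source) {
  // Newlines around the source keep a trailing // comment from swallowing "})".
  // The final "void 0" stops the browser from replacing the page with a result.
  const wrapped = '(function(){\n' + source + '\n})();void 0';
  // Percent-encode so quotes, spaces, % and <> survive bookmarking and copy-paste.
  return 'javascript:' + encodeURIComponent(wrapped);
}

// Render the draggable link plus the same URL as copyable text.
function renderInstallHtml(label, source) {
  const url = escapeHtml(toBookmarkletUrl(source));
  return [
    '<p>Drag this link to your bookmarks bar, or right-click it and bookmark it:</p>',
    '<p><a href="' + url + '">' + escapeHtml(label) + '</a></p>',
    '<p>Or create a bookmark by hand and paste this as its address:</p>',
    '<textarea readonly rows="4" cols="60">' + url + '</textarea>'
  ].join('\n');
}

// Constructed sample bookmarklet, for illustration only.
const SAMPLE_SOURCE = 'var t = document.title; alert("100% <" + t + \'>\'); // done';
console.log(renderInstallHtml('My tool & more', SAMPLE_SOURCE));
```

Showing users the readable source next to the link lets them see what they are about to bookmark before they run it.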