[Typo3-dev] Information request about signed scripts
Martin T. Kutschker
Martin.no5pam.Kutschker at blackbox.n0spam.net
Thu Feb 3 08:42:12 CET 2005
Stanislas Rolland wrote:
> Because of security restrictions in Mozilla/Firefox (cut/copy/paste, window resize) and Windows XP SP2 (window resize), it might be desirable to make the main script of htmlArea RTE a signed script. I think the required privileges may then be requested from the user in some friendlier dialog than sometimes little known browser configuration settings.
>
> However, I am not familiar with the techniques of signed scripts. Is/should there be a TYPO3 signature? Would anyone have ideas/references on how it could/should be done?
AFAIK you have to sign every single JS script *). So there cannot be a
single TYPO3 signature. What TYPO3 could offer are certificates for
signing scripts or some service to sign the scripts. But of course, to
be really meaningful someone from typo3.org would have to review the code
before signing. Otherwise it's kind of a blank cheque.
The Mozilla folks have not overcome this problem. Although they have an
active extension developer community (mozdev.org) there is no signing
service from them or mozilla.org. In the context of Mozilla you need
signing for remote apps (in XUL/JS) for the very same things (e.g.
copy&paste).
Anyway, I think it could be done, but needs some time and devotion to
establish such a service. And without a review the certificates would
guarantee nothing.
Masi
*) Any change of code, be it a changed comment or an added blank,
requires a new signing!
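
The footnote's point, that a signature covers exact bytes so even a changed comment or an added blank voids it, as an added example that is not part of the original message: a per-script digest manifest signed with Ed25519 in Node.js. The file names, script contents and manifest layout are constructed for illustration and are a simplified stand-in, not Mozilla's actual signing format.

```javascript
const crypto = require('node:crypto');

// Constructed sample scripts (not htmlArea RTE code).
const scripts = {
  'htmlarea.js': 'function paste() {\n  // read clipboard\n  return 1;\n}\n',
  'popup.js': 'function resize(w, h) { return [w, h]; }\n',
};

const sha256 = (text) =>
  crypto.createHash('sha256').update(text, 'utf8').digest('hex');

// Build a manifest with one digest per script, then sign the manifest bytes.
function signScripts(files, privateKey) {
  const manifest = Object.keys(files).sort()
    .map((name) => `${name} ${sha256(files[name])}`).join('\n');
  const signature = crypto.sign(null, Buffer.from(manifest), privateKey);
  return { manifest, signature };
}

// Return the names of scripts that the signed manifest does not vouch for.
function verifyScripts(files, signed, publicKey) {
  const ok = crypto.verify(null, Buffer.from(signed.manifest), publicKey,
    signed.signature);
  if (!ok) return Object.keys(files).sort(); // manifest itself is untrusted
  const expected = new Map(signed.manifest.split('\n').map((l) => l.split(' ')));
  return Object.keys(files).sort()
    .filter((name) => expected.get(name) !== sha256(files[name]));
}

// Sign once, then re-check after a comment edit and after an added blank line.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const signed = signScripts(scripts, privateKey);
  const commentEdit = { ...scripts, 'htmlarea.js':
    scripts['htmlarea.js'].replace('read clipboard', 'read the clipboard') };
  const blankAdded = { ...scripts, 'popup.js': scripts['popup.js'] + '\n' };
  return {
    untouched: verifyScripts(scripts, signed, publicKey),
    commentEdit: verifyScripts(commentEdit, signed, publicKey),
    blankAdded: verifyScripts(blankAdded, signed, publicKey),
  };
}

console.log(demo());
```

The check proves only that the bytes match what the key holder signed; it says nothing about whether anyone reviewed them.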