How to bypass document.domain limitations when opening local files?

Question

I have a set of HTML files using JavaScript to generate navigation tools, indexing, TOC, etc. These files are only meant to be opened locally (eg, file://) and not served on a web server. Since Firefox 3.x, we run into the following error when clicking a nav button that would generate a new frame for the TOC:

Error: Permission denied for <file://> to get property Location.href from <file://>.

I understand that this is due to security measures within FF 3.x that were not in 2.x, in that the document.domain does not match, so it's assuming this is cross-site scripting and is denying access.

Is there a way to get around this issue? Perhaps just a switch to turn off/on within Firefox? A bit of JavaScript code to get around it?

Answer 1

In firefox:

1. In address bar, type about:config,
2. then type network.automatic-ntlm-auth.trusted-uris in search bar
3. Enter comma separated list of servers (ie, intranet,home,company)

Another way is editing the users.js.

In users.js, write:

user_pref("capability.policy.policynames", "localfilelinks");
user_pref("capability.policy.localfilelinks.sites", "http://site1.com http://site2.com");
user_pref("capability.policy.localfilelinks.checkloaduri.enabled", "allAccess");

But if you want to stop all verification, just Write the following line into users.js file:

user_pref("capability.policy.default.checkloaduri.enabled", "allAccess");

Answer 2

You may use this in firefox to read the file.

function readFile(arq) {
        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
        var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
        file.initWithPath(arq);

        // open an input stream from file  
        var istream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
        istream.init(file, 0x01, 0444, 0);
        istream.QueryInterface(Components.interfaces.nsILineInputStream);  
        var line = {}, lines = [], hasmore;  
        do {  
          hasmore = istream.readLine(line);  
          lines.push(line.value);   
        } while(hasmore);  
        istream.close();  
        return lines;
    }

Answer 3

Cleiton's method will work for yourself, or for any users who you expect will go through this manual process (not likely unless this is a tool for you and your coworkers or something).

I'd hope that this type of thing would not be possible, because if it is, that means that any site out there could start opening up documents on my machine and reading their contents.

Answer 4

You can have all files that you want to access in subfolders relative to the page that is doing the request.

You can also use JSONP to load files from anywhere.

Answer 5

在about：config中将“file：//”添加到network.automatic-ntlm-auth.trusted-uris