Technology- Toolbars and Browser Security
posted in Technology |As part of a project that I’m working on I’ve been building some toolbars recently. The experiece of building toolbars for IE and Firefox is pretty
radically different. This tutorial over on Born Geek was very helpful and I got some
good results in just a couple of days. Overall debugging was moderately easy since I could install the Firefox developer tools and use the JavaScript
console. I did hit one intermittent crash that was almost a ship-stopper, and did I mention that the documentation for this stuff is terrible? I dont mean to complain- I know its all free, but if Open Source stuff wants to compete with the alternatives, they need to provide some great reference materials for developers. When trying to use XUL the behavior of the 6 different kinds of buttons and various layout things seemed pretty random, and it was pretty much trial and error getting it to work right.
We werent even going to do an IE toolbar initially because I figured it would be a couple extra weeks of work to get all the COM and C++ stuff right. I went searching for some sample-code and came across ToolbarStudio on http://besttoolbars.net/. To
be honest my first reaction was that this was pretty damn weird. A full IDE for creating toolbars? With the ability to do all kinds of stuff with no coding (which was almost a negative for me)? For $75? Is there really that big a community of people out there making toolbars, and who really installs that many toolbars anyway?
It turns out that ToolbarStudio is pretty cool if a bit clunky. The definition of the toolbar is all XML, HTML and JavaScript. The environment makes you edit everything packaged in a CAB file which is a bit strange for normal development process / builds / source control. We have also hit a few bugs but so far they have been very responsive at answering questions although the response time is always overnight since their developers are in Russia. The biggest problems are that debugging my JavaScript in this environment can be a nightmare. There isnt the same notion of a console to output debug messages (that I know of), exceptions tend to get silently dropped (things just dont work right), and the process of installing, testing and uninstalling the toolbar can be tedious (also true for the Firefox environment).
One other note- so far Ive been unsuccessful at building a signed Firefox toolbar. Given how (one might say) arrogant the Firefox folks tend to be about their security being better than IE, this is pretty surprising to me. Most Firefox extensions that Ive seen arent signed and Firefox barely gives you better UI for being signed. To sign an extension you use some Netscape 4 era tools and need to do some bizarre packaging involving putting magic files into a ZIP in just the right order. To cap it off, if you dont get it right the package wont install, but the error messages wont really tell you what is wrong. Its a nightmare. Ive heard some rumors that this is getting better, but if the Firefox are really serious about security (as opposed to serious about pretending to have security) they will make signed extensions both a real advantage for developers, as well as easy for everyone to do.
Of course its possible that Im just missing the key instructions- Google doesnt always find everything easily. If so Ill be happy to get pointers to the magic solution and post my apologies up here.
]]>