How can I disable the file:// protocol in Firefox?

5

1

How to disable file:// protocol in firefox

I want the users not to browse the local files on the machine.

I already disabled SaveAs and OpenFile functions.

I want user not to browse the local files or open it if he know the full path.

Ammroff

Posted 2009-08-26T23:28:48.170

Reputation: 81

1Remember to disable Help, too. Sometimes Help opens backdoors. – tsilb – 2009-08-26T23:30:40.897

Answers

3

I found a way to do this.

First the scenario of our problem is:

  • We want client to use a PCs and they have access to firefox only
  • No "my computer","cmd",...etc.
  • We want them not to browse local files by Firefox , just browsing some sites.
  • We want to block file:// protocol that cause browsing of local files.

My suggested solution:

  1. Download r-kiosk extension and modify it to run on firefox 3.5.*

  2. Modify userPref.js to show the address bar in firefox ---- here we stop Save as,open file,remove extension,no viewsource,but users still browse the localfiles by typing file:///c:/ in url.

  3. Modify dirListing.css in Firefox/chrome/classic.jar/skin/classic/(skin name)/dirListing

    body{
           ...
           background-image:url(chrome://global/skin/dirListing/forbidden.png)
    }
table{
...
display:none;
}

Hide elements like P,H1 by using visiblity:hidden

You can use this image created by me to make it as body background:

alt text

Here is the result:

link text

Ammroff

Posted 2009-08-26T23:28:48.170

Reputation: 81

So, the accepted solution is to change Firefox's internal stylesheets in order to hide the directory listing? – dramzy – 2018-04-12T16:28:31.863

Shouldn't "r-kisok" (in bold, in like "1." above) be r-kiosk? – Argalatyr – 2009-08-28T00:01:54.857

1

University of Waterloo has a page detailing a change to browser.js to disable file, chrome, about, etc. protocols.

That was the first result on Google for "firefox disable file protocol," by the way -- probably would have been the first one if this question wasn't the first result.

Mark Rushakoff

Posted 2009-08-26T23:28:48.170

Reputation: 1 087

I already visited this site

and the code provided by them is:

if (location.match(/^file:/) || location.match(/^//) || location.match(/^chrome:/) || location.match(/^resource:/) || (!location.match(/^about:blank/) && location.match(/^about:/))) { loadURI("about:blank"); }

I found in other sites that to put this code in BrowserLoadURI function which is not found in ff3.x – None – 2009-08-27T00:28:31.197

3The page suggests a blacklist, I'd go for a whitelist instead. "http" and "https", and perhaps "ftp" ought to be enough. – Juliano – 2009-08-27T01:31:16.487

Asked: 2009-08-26T23:28:48.170

Viewed: 11 398 times

Active: 2017-05-08T21:18:47.550