---

SIDEBARS ON A LOCAL DISK DRIVE - This has been frustrating me for a long time. I finally seem to have it figured out.

---

The Issue

How can I install a sidebar from a local disk drive in Mozilla/SeaMonkey? I have some customized ones that are not available to the public and the only way I've been able to use them is to have them reside on one of my Web servers. That means the sidebars won't work unless I have an active connection to the Internet. It also means that I can't access any links in the sidebar that point to local drive/system resources.

I understand that this is by design for security reasons. It would be a bad thing to have links on a Web page that would give access to the local system. However, it's my sidebar on my system that I'm trying to access using those links. The sidebar is on my PC, the link accesses my PC, there's no way for anyone to tap into that. Besides, if I can type C:\ into Mozilla's location bar and view my drive contents, how come I can't do it with a sidebar?

---

The Solution

Ok. This works on SeaMonkey (and Mozilla Suite 1.7.8 and up). And on Firefox 1.0.4 (and, I presume, up from there version-wise). For Firefox, see the main sidebar page.

There is a function in the sidebar operation that limits installation of sidebars to the following URLs:

• http:
• ftp:
• https:

Obviously, that limitation is what I'm trying to overcome. Turns out it's pretty simple. The sidebar operation code resides in a javascript file in the Mozilla program's installation location. That should be located at:

[drive]:\Program Files\mozilla.org\Mozilla\components\nsSidebar.js

Inside that file is the following bit of code:

function sidebarURLSecurityCheck(url)
{
if (url.search(/(^http:|^ftp:|^https:)/) == -1)
throw "Script attempted to add sidebar panel from illegal source";
}

All I did was add the URL "file:" to that list on the first line of code. Here's what that section of the file now looks like in my modified file:

/*
* The following change made by Ed Mullen, May 23, 2005
* added "|^file:" (no quotes) to the sidebarURLSecurityCheck function
* to allow installing a sidebar located on a local hard drive
*/

function sidebarURLSecurityCheck(url)
{
if (url.search(/(^http:|^ftp:|^https:|^file:)/) == -1)
throw "Script attempted to add sidebar panel from illegal source";
}
/* end of modification */

Voila! And stunningly simple.

---

Caveats!

• BACK UP BEFORE YOU DO ANY MODIFICATIONS! That means the file(s) you're about to modify as well as your entire profile!
• This is modifying a Mozilla system file. Be extremely careful and if you don't know what you're doing, you probably shouldn't be doing it.
• Don't yell at me if this mod breaks your particular install of Mozilla.
• If you make the mod, you'll lose it the next time you do an upgrade of Mozilla which will replace the file with the default. Back up your modified file as well as the default original.
  • Interestingly enough, I just did an upgrade from 1.7.8 to 1.7.10 and my local sidebars are still there. Perplexing at first, it makes sense after a moment's reflection. The security setting prevents you from installing a local file sidebar but existing ones already installed remain. You just won't be able to add new ones until you re-apply the edit described on this page.
• Make a note of any changes you make.
• You may want to read this bit in the Release Notes for Mozilla Suite that begins "For security reasons, Mozilla does not allow web content to link to local files." I have tested this and it does work for local sidebar installation. But it defeats ALL the local files security restrictions which is something you should NOT do. If you need local sidebars then use my hack described above.

As always, if you have comments or questions, email me.