1
/* -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* ***** BEGIN LICENSE BLOCK *****
3
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
5
* The contents of this file are subject to the Netscape Public License
6
* Version 1.1 (the "License"); you may not use this file except in
7
* compliance with the License. You may obtain a copy of the License at
8
* http://www.mozilla.org/NPL/
10
* Software distributed under the License is distributed on an "AS IS" basis,
11
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12
* for the specific language governing rights and limitations under the
15
* The Original Code is mozilla.org code.
17
* The Initial Developer of the Original Code is
18
* Netscape Communications Corporation.
19
* Portions created by the Initial Developer are Copyright (C) 1998
20
* the Initial Developer. All Rights Reserved.
24
* Alternatively, the contents of this file may be used under the terms of
25
* either the GNU General Public License Version 2 or later (the "GPL"), or
26
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27
* in which case the provisions of the GPL or the LGPL are applicable instead
28
* of those above. If you wish to allow use of your version of this file only
29
* under the terms of either the GPL or the LGPL, and not to allow others to
30
* use your version of this file under the terms of the NPL, indicate your
31
* decision by deleting the provisions above and replace them with the notice
32
* and other provisions required by the GPL or the LGPL. If you do not delete
33
* the provisions above, a recipient may use your version of this file under
34
* the terms of any one of the NPL, the GPL or the LGPL.
36
* ***** END LICENSE BLOCK ***** */
39
///////////////////////////////////////////////////////////////////////////////
40
// This is the default preferences file defining the behavior for hosting
41
// ActiveX controls in Gecko embedded applications. Embedders should override
42
// this file to set their own policy.
43
///////////////////////////////////////////////////////////////////////////////
46
///////////////////////////////////////////////////////////////////////////////
47
// General hosting flags settings. Read nsIActiveXSecurityPolicy.idl in
48
// http://lxr.mozilla.org/seamonkey/find?string=nsIActiveXSecurityPolicy.idl
49
// for more combinations.
53
// 0 means no hosting of activex controls whatsoever
54
// 13 means medium settings (safe for scripting controls and download / install)
55
// 31 means host anything (extremely dangerous!)
58
pref("security.xpconnect.activex.global.hosting_flags", 13);
61
///////////////////////////////////////////////////////////////////////////////
62
// Whitelist / Blacklist capabilities
64
// The whitelist and blacklist settings define what controls Gecko will host
65
// and the default allow / deny behavior.
69
// The hosting flags pref value above takes priority over settings below.
70
// Therefore if the hosting flags are set to 0 (i.e. host nothing) then
71
// no control will be hosted no matter what controls are enabled. Likewise,
72
// If safe for scripting checks are (wisely) enabled, no unsafe control
73
// will be hosted even if it is explicitly enabled below.
78
// Gecko always reads the IE browser's control blacklist if one is defined
79
// in the registry. This is to ensure any control identified by Microsoft
80
// or others as unsafe is not hosted without requiring it to be explicitly
85
///////////////////////////////////////////////////////////////////////////////
86
// This pref sets the default policy to allow all controls or deny them all
87
// default. If the value is false, only controls explicitly enabled by their
88
// classid will be allowed. Otherwise all controls are allowed except those
89
// explicitly disabled by their classid.
91
// If you are writing an embedding application that only needs to run
92
// certain known controls, (e.g. an intranet control of some kind) you are
93
// advised to use the false value and enable the control explicitly.
95
pref("security.classID.allowByDefault", true);
98
///////////////////////////////////////////////////////////////////////////////
99
// Specify below the controls that should be explicitly enabled or disabled.
100
// This is achieved by writing a policy rule, specifiying the classid of the
101
// control and giving the control "AllAccess" or "NoAccess".
103
// CIDaaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
105
// You could explicitly ban a control (using the appropriate classid) like this
107
// pref("capability.policy.default.ClassID.CID039ef260-2a0d-11d5-90a7-0010a4e73d9a", "NoAccess");
109
// If you want to explicity enable a control then do this:
111
// pref("capability.policy.default.ClassID.CID039ef260-2a0d-11d5-90a7-0010a4e73d9a", "AllAccess");
113
// If you want to explicitly ban or allow a control for one or more sites then
114
// you can create a policy for those sites. This example creates a domain
115
// called 'trustable' containing sites where you allow an additional control
118
// user_pref("capability.policy.policynames", "trustable");
119
// user_pref("capability.policy.trustable.sites", "http://www.site1.net http://www.site2.net");
120
// user_pref("capability.policy.trustable.ClassID.CID039ef260-2a0d-11d5-90a7-0010a4e73d9a", "AllAccess");