I am developing a FireBreath NPAPI plugin that in some cases has to search the user's filesystem.
To inform the user and to avoid malicious use of the plugin, I wanted to display a confirmation dialog to the user, that will allow him to accept or deny the task.
So far, I managed to display the classic JavaScript window.confirm dialog, but it's far from secure:
// Ask the page's own window.confirm; the answer is whatever the page's JavaScript returns
bool MyPlugin::confirm( std::string msg ) {
    FB::DOM::WindowPtr window = m_host->getDOMWindow();
    FB::JSObjectPtr obj = window->getProperty<FB::JSObjectPtr>("window");
    return obj->Invoke("confirm", FB::variant_list_of( msg )).convert_cast<bool>();
}
A malicious user could overload the window.confirm function to return always true. One solution I thought of was to check if the function was indeed native to the browser:
// Make sure the function is a valid native function and not a hack
bool MyPlugin::confirmIsNative( FB::JSObjectPtr obj ) {
    FB::variant f = obj->GetProperty("confirm");
    FB::JSObjectPtr fPtr = f.convert_cast<FB::JSObjectPtr>();
    // toString takes no arguments, so call it with an empty argument list
    std::string fType = fPtr->Invoke("toString", FB::VariantList()).convert_cast<std::string>();
    // Look for [native code] in fType
    return fType.find("[native code]") != std::string::npos;
}
But again the malicious user could overload window.confirm.toString and/or Function.prototype.toString() in order to fake the response. (So this solution, "Detect if function is native to browser", is not really safe.)
Therefore I wanted to ask you: do you know any cross-platform (OSX, Linux and Windows) way to display a confirmation dialog that cannot be hacked in any way? Or is it possible via FireBreath to access directly the native function of window.confirm?
I know that Qt or wxWidgets is an option, but that's really my last resort.
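The bypass the question describes, replayed in plain JavaScript as an added example that is not part of the original post or of FireBreath: a page script first replaces window.confirm, then also spoofs toString, and the "[native code]" check passes anyway. Node.js has no window.confirm(), so makeWindow() is a constructed stand-in whose "native" confirm is the built-in Number.isInteger (its toString() reports "[native code]" like the real dialog's, and it returns false for any string, i.e. it behaves like a user who always clicks Cancel); looksNative() mirrors what the plugin's Invoke("toString") check does.

```javascript
'use strict';
// Added example, not code from the question or the FireBreath project: it
// replays, in plain JavaScript, the three states the question describes.
// makeWindow() is a constructed stand-in for the browser window (see lead-in).

// What the plugin's C++ does: Invoke("toString") on the function and look for
// "[native code]" in the result. The call resolves exactly as fn.toString()
// does here: an own property first, then Function.prototype.toString.
function looksNative(fn) {
  return typeof fn === 'function' && fn.toString().indexOf('[native code]') !== -1;
}

// Plugin-side confirm with the proposed check in front of the dialog call.
function pluginConfirm(win, msg) {
  if (!looksNative(win.confirm)) return 'rejected';     // tampering detected
  return win.confirm(msg) === true ? 'accepted' : 'denied';
}

function makeWindow() {
  return { confirm: Number.isInteger };                 // native stand-in
}

// Stage 1: replace confirm. The dialog is gone, but toString() now returns
// the arrow function's source text, so the [native code] check catches it.
function naiveOverride(win) {
  win.confirm = () => true;
}

// Stage 2: also shadow toString on the function object itself. This is the
// window.confirm.toString override the question mentions.
function shadowOwnToString(win) {
  win.confirm = () => true;
  win.confirm.toString = () => 'function confirm() { [native code] }';
}

// Stage 3: patch Function.prototype.toString, so even a plugin that reaches
// for the prototype method directly is fed the spoofed text. Returns an undo
// function because the patch is global to the page (here, to the process).
function patchPrototypeToString(win) {
  const original = Function.prototype.toString;
  win.confirm = () => true;
  Function.prototype.toString = function () {
    return this === win.confirm ? 'function confirm() { [native code] }' : original.call(this);
  };
  return () => { Function.prototype.toString = original; };
}

// Runs all four scenarios against fresh windows and reports the plugin's verdict.
function demo() {
  const msg = 'Allow this plugin to search your filesystem?';
  const results = {};

  let win = makeWindow();
  results.untouched = pluginConfirm(win, msg);          // 'denied': the (stand-in) user clicked Cancel

  win = makeWindow();
  naiveOverride(win);
  results.naive = pluginConfirm(win, msg);              // 'rejected': the check works

  win = makeWindow();
  shadowOwnToString(win);
  results.shadowed = pluginConfirm(win, msg);           // 'accepted': the check is fooled

  win = makeWindow();
  const undo = patchPrototypeToString(win);
  try {
    results.prototypePatched = pluginConfirm(win, msg); // 'accepted': the check is fooled
  } finally {
    undo();
  }
  return results;
}

console.log(demo());
```

Run it with node; the last two verdicts are the point: once the page controls both confirm and the toString the plugin consults, nothing the plugin reads through the page's JavaScript object graph can distinguish a real dialog from a script that answers for the user.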
No, there pretty much isn't going to be any way to securely do this in a cross platform manner. Probably what I'd do is pop up a system confirm dialog on each platform.
(You will probably need to do it on a separate thread, since blocking the main thread is grounds for plugin termination in most browsers.)
The closest thing to an example that I can give you is the code I use for doing a file/folder open dialog, which you can find in a gist.