There are many times when people want to use XUL remotely. However, there are a lot of restrictions on the kinds of things that can be done. Some are more obvious, such as reading local files, but others are really just bugs, such as the buttons on a wizard not appearing properly. There are many times when a remote application will want to have privileges to perform additional operations. Currently, in Mozilla, the only way to allow this is to sign the code, or package the code up into an installable download, which is what all the extensions do. Code signing is not viable in most cases -- you need to get a certificate, the steps involved are difficult and very error-prone, and I haven't been able to get it to work with newer Mozilla versions. Back when I first tried to sign code (many years ago), it took me almost a week to figure out how to do it.

Creating a chrome package is simpler, although it is more complex than it should be. Many people have problems creating the necessary RDF files, putting files in the right place and packaging the files correctly. Chrome also requires that the package be installed on the user's machine. For many applications, such as internal company ones that do things like bug tracking, project management, and so forth, this isn't a good solution. Chrome applications currently have no automatic updating mechanism, unlike a web site, which can be tweaked every day without hassle. There is some talk of adding such a feature to Firefox soon, but this isn't really a viable solution. Having to install things is just not acceptable in the eyes of many internal support people. Also, having to call enablePrivilege all over the place is too much trouble for some.

Instead, I think a better mechanism would be to use a file containing an application description (like the contents.rdf file) which sits somewhere on a remote site. In addition to the application name and author, it might list permissions that the application desires. It could be simple, such as a site that desires general enhanced access, or fine-grained like listing specific URLs or a base URL that requires access to specified XPCOM components or interfaces.

When this remote description file is read, a message box would appear asking the user to grant permission, along with a "Remember this Decision" checkbox. The user would then be redirected to the actual application, the URL of which is specified in the description file. The application would have whatever privileges are necessary.
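A sketch of how such a description file could be checked before and after the Grant prompt. This is an added example, not Mozilla code: the JSON layout (standing in for RDF), the field names, the URLs and the same-origin rule are all assumptions made for illustration.

```javascript
// Hypothetical description file (constructed sample). JSON stands in for RDF.
const SAMPLE_MANIFEST = {
  name: "Bug Tracker",
  author: "Example Corp",
  launch: "https://apps.example.com/bugs/main.xul",
  permissions: [
    // Fine-grained: pages under `base` may use the listed XPCOM contract IDs.
    { base: "https://apps.example.com/bugs/",
      components: ["@mozilla.org/file/local;1"] }
  ]
};

// Assumed rule: a description file may only launch, and request privileges
// for, pages on its own origin.
function validateManifest(manifestUrl, m) {
  const origin = new URL(manifestUrl).origin;
  if (new URL(m.launch).origin !== origin) return false;
  return m.permissions.every(p => new URL(p.base).origin === origin);
}

// Key stored by "Remember this Decision". It changes whenever the requested
// permissions change, so an edited description file prompts the user again.
function decisionKey(manifestUrl, m) {
  const perms = m.permissions
    .map(p => p.base + "|" + [...p.components].sort().join(","))
    .sort();
  return new URL(manifestUrl).origin + "#" + perms.join(";");
}

// Does a granted description file let `pageUrl` use `contractId`?
// `granted` is the set of remembered decision keys.
function isAllowed(m, granted, manifestUrl, pageUrl, contractId) {
  if (!granted.has(decisionKey(manifestUrl, m))) return false;
  const page = new URL(pageUrl); // URL parsing also normalizes "../" segments
  return m.permissions.some(p => {
    const base = new URL(p.base);
    return page.origin === base.origin &&
           page.pathname.startsWith(base.pathname) &&
           p.components.includes(contractId);
  });
}
```

Keying the remembered decision to the exact permission set means a site cannot quietly widen its privileges after the user has clicked Grant once.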

In the scheme described above, enhanced privileges are only a click of a Grant button away. Some may think that this would lower the security in the browser, and put the user at greater risk. Not really. Enhanced permissions are already only a click away, since XPInstall only requires a single click for a chrome application to be installed.

People ask all the time about why some feature doesn't work in remote XUL. We need to be able to allow these kinds of operations without resorting to some complex scheme such as code signing, which just isn't viable for many purposes. Granted, there are places where an extreme amount of security is needed, but very few ordinary users would have a need for this.