I volunteer at the Warren memorial library and was asked recently to create a Kiosk mode browser that could not be used to browse anything else except for the library’s book catalog. I started exploring the various options available and soon settled on two browsers, Opera and Firefox, while it is fairly easy to setup opera in kiosk mode you still need to pay Opera for the professional version to make it work.That ruled out opera and I was left with Firefox.I started hunting around for an extension that would turn the Firefox browser into a locked down version where you could not navigate to any site. I downloaded the R-Kiosk extension this extension does a pretty decent job of locking down the browser.The extension disables most of the menu items and does a pretty good job in disabling the navigation bar and the address bar,but the extension fails to block the preferences menu item thus leaving a chink in its armor which can be exploited by anyone who is computer savvy. The person can use the preferences menu to set the home page to any desired site close preferences and hit alt+home on the keyboard to navigate to that page.
For e.g if you wanted to restrict the patron from visiting any other site except for the library’s own home page a malicious user could set the home page to something like http://www.google.com and navigate to any site from there. The author also claims that the extension can only be uninstalled from safe mode, but by going to http://addons.mozilla.com and installing any addon you still get access to the addons window and can uninstall the extension from there.
In the end I found that the only way to circumvent these issues was to disable almost all the menu items, this was too much work which included hacking the perf.js file in the profiles folder so I decided to write a XUL widget instead.
Here is the XUL code
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<window
id="google's Online catalog"
title="googleOnline catalog"
orient="horizontal"
width="1000"
height="768"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
xmlns:html="http://www.w3.org/1999/xhtml">
<vbox flex="1">
<hbox pack="center">
<html:font face="verdana" color="blue">
<html:strong>
<label value="Google's online catalog"/>
</html:strong>
</html:font>
</hbox>
<hbox flex="1" orient="vertical">
<html:iframe src="http://books.google.com/" flex="1"></html:iframe>
</hbox>
</vbox>
</window>
PS: Copy pasting the code above will not work please download the code here, for some reason the code tag in wordpress does not work with XUL code 😦 properly. once you download the file from the above link rename the file from kiosk.doc to kiosk.xul.
you can preview the above code in this excellent XUL live editor.
On a Mac you can setup a restricted account, set it to auto login without password and then set Firefox to start this XUL file at login. to further prevent access to the OS install the profile password extension for Firefox. This is not an elegant solution but it got the job done.
The XUL file can be started on login with the following command line typed into a shell script
cd /
cd Applications
cd Firefox.app
cd Contents
cd MacOS
./firefox -chrome /nameofxulfile.xul
On a windows machine the default shell can be changed to something like Blackbox which is a minimal shell and can be used for the same purpose, but it isn’t foolproof the only other way is to set the shell as Firefox which I haven’t found a way to do yet.
powered by performancing firefox