This is an archived page. It's not actively maintained.

Prism allows for some client-side web application customization. The web application bundle is allowed to hold a JavaScript file named webapp.js (called the webapp script). This file will be loaded into the Prism chrome window very much like a Firefox extension is loaded into the browser chrome window. It can contain the following functions:

When the app starts, before the user interface is displayed. Since the web application has not yet loaded, the window object is still undefined.
Just before the user interface is displayed. Returning false causes the application to terminate.
After the main application windows has finished loading. The window object has been initialized and can be used.
If there is an error loading the main app page (e.g. the server is not accessible).
Just before the application terminates.

Prism exposes desktop integration features through an property of the window object called platform. The platform property implements the nsIPlatformGlue interface, whose methods are described in the following section. Methods of the window.platform object can be called from webapp.js or from web content. The following code can be used by web content to determine whether it is running in Prism:

if ("platform" in window) {
  // Prism-specific code goes here

See the nsIPlatformGlue IDL definition file for details of the methods available to Prism apps.

Currently, the webapp script also has access to full XPCOM functionality, just like a Firefox extension. This level of functionality is commonly called chrome-level privileges. It means that the script has a higher level of privilege than scripts in the web content and has access to the file system, clipboard and other parts of the native OS.

Note: In the future, the webapp script may have lower privileges. We are looking into the security aspects of the higher privilege level.