Cesar’s Vanilla Blog

White and creamy wtf

Refractor, aka prism-ext, aka Prism for Firefox, aka…

Whatever you call it1, it is finally here (yeah, this is coming a few days late. But if it wasn’t so high on my to-do list, this would come 2 weeks later). Congratulations to everyone who helped push this release. Mozilla Labs did a good job of outlining the features, though only briefly mentioned one of the most valuable (this is subject here) feature of the extension: easier webapp distribution.

Refractor makes use of the link tag in web pages to identify webapps. The line itself is quite simple

<link href="gmail.webapp" rel="webapp" title="Google Mail">
Yeah, no </link> or />. That’s HTML for ya’!

Not to say that sharing webapps before was in any way difficult, but I think being happily notified is nicer than finding and downloading and running and installing. Especially if there is a lot to try.

There are still some things left to be done. I want to see

  1. Recommend addons/plugins with certain webapps (ie. google gears with google reader for offline support, flash for youtube)
  2. Choose website styles/themes
  3. World Domination

I would also like to see some things done to Prism :

  1. Greater interaction with the desktop. I want to double-click a odt and open it up in google docs. No excuses!
  2. Linux requirements says that hal and dbus are required. Maybe we can do something cool here with webapp.js?
  3. Allow people to change their preferences such as proxy and access things like password manager

This is a prototype, with plenty of bugs (I found one just doing this post), but we fix them as we get them.
[1]Refractor, if I recall the story correctly, was coined by Mark Finkle as it reminded him of what happens when light hits a prism : it refracts. Well, it was certainly more creative than prism-ext, while being less obtuse then Abbe prism.

Update : Thanks Percy Cabello for pointing out a mistake


March 12, 2008 - Posted by | Mozilla, Seneca | , ,


  1. That’s a great feature. Just tried it but found it must be rel=”webapp” to work.

    Comment by Percy Cabello | March 12, 2008 | Reply

  2. Psst… Google Gears crashes Firefox 3 betas (including Prism I assume… it crashes the Firefox Add-on version at least!).

    Also Google Gears is a bit hard to get working in Prism to even see it crash. Basically you have to copy C:\Program Files\Google\Google Gears\Firefox to %APPDATA%\Mozilla\Firefox\Profiles\.\extensions\refractor@*\extensions\{000a9d1c-beef-4f90-9363-039d445309b8}

    {000a9d1c-beef-4f90-9363-039d445309b8} being Google Gear’s extension GUID thing.

    There’s some blog post about doing it differently keeping the original folder but it only applies to the old Prism… the extension version seems to ignore the Firefox extensions registry key Google Gears uses to tell Firefox where it is, and I couldn’t see how to add arbitrary folders as extensions into Refractor through the registry.

    Comment by Dan | March 12, 2008 | Reply

  3. let me get this straight. After so many years of trying to get people aware that “installing” software off the web is a very dangerous habit and that simply using Explorer is a security risk in itself because of – as much as any other reason – that ActiveX beast, we are now encouraging people to download applications even easier (there appears no UI to really distinguish between downloading a webapp and bookmarking RSS) than ever before.


    Instead of developing an easy method for web site developers (like CMS authors such as myself) to bundle up a single-site (more secure) environment as an alternative to Exploder, which users can install through a proper installer (with all appropriate security warnings and license agreement sign-offs) procedure that many are familiar with, we are encouraging people to one-click install potentially harmful applications. Yay!

    Can’t wait to see all the fishing sites add a 50 pixel high grey div at the top of their sites prompting users to “install this on your desktop in one easy click” and before you know it, the average joe’s machine is the next node on a botnet.

    Comment by an0n1 m0us | March 12, 2008 | Reply

  4. anonymous: except there’s no real installation here at all. Prism just runs your webapps in a separate window, still on the web. No less secure than running them in your web browser.

    Comment by Ted Mielczarek | March 12, 2008 | Reply

  5. Great! Correct me if I’m wrong but doesn’t code in webapp.js run with chrome privileges?
    Webapps can become a lot more if they are able to access the filesystem, do xss or use drawWindow with no restrictions and I’m in favor of them being able to but there has to be a way to restrict them. Ideally they’d run with web privileges and only be able to use specific and sandboxed (i.e. only files in the webapp’s folder) features.

    Comment by -dis | March 12, 2008 | Reply

  6. -dis: Correct, webapp.js runs with full chrome privileges (this was always a concern). It was never a closely held secret either, it’s on devmo.

    I don’t think the security threat is as big a problem as people are claiming it to be. It does not install a webapp by itself without first prompting the user if they want to install it. This is not a whole lot different from installing an extension on a non-AMO webpage (the very fact that it is on AMO would suggest a more peer-reviewed, quality extension. But that’s not always the case). I suppose the real concern must be that we should have a large modal dialog box warning people of malicious content. That can always be a future enhancement.

    Comment by Cesar Oliveira | March 12, 2008 | Reply

  7. Cesar: OK but maybe us users should be able to distinguish between “possibly dangerous” webapps and plain webpage apps (no webapp.js). A simple webapp bundle that only includes a customized icon, title etc but no .js should be safe and should be treated like a bookmark or a feed.

    Comment by -dis | March 13, 2008 | Reply

  8. cesar, I cant see “install this webapp in your desktop using prism” banner if I am on to gmail with refractor installed. Should I ?

    Comment by tonikitoo | March 13, 2008 | Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: