Note since Webconverger 11 you can switch these options from the boot command line.

iceweasel-webconverger

Default and most common.

iceweasel-webconverger

iceweasel-webcnoaddressbar

Customization option. For customers who want patrons to browse, but not enter in URLs.

iceweasel-webcnoaddressbar

boot option webcchrome=noaddress

iceweasel-webcfullscreen

Customization option. For customers who want to do Digital signage or just show off some pictures somewhere.

iceweasel-webcfullscreen

If you're concerned about the scroll bar, alter the overflow CSS element.

boot option webcchrome=fullscreen

Implementation

We have forked rkiosk and created our own extension, (iceweasel-)webconverger. We had to do this as I had to modify some of upstream's packaging and functions. Upstream was also a little un-cooperative.

BrowserLoadURL broken

Overriding BrowserLoadURL in this kiosk extension was use to stop access to:

  • file://
  • about:
  • resource:

File browsing is not really a security problem, though some people perceive it to be, therefore file:// should be disallowed.

BrowserLoadURL does not work in Firefox 3.5

This issue has been raised on mozillazine, however the fixes involve hacking browser.jar instead of overriding it with browser.xul, as what extensions should be doing. The final suggestion of fixing the local file browsing issue elegantly with CSS with:

@-moz-document url-prefix(file://) {
html > body { visibility: hidden !important;
}

Does not work in my tests. :(

https://bugzilla.mozilla.org/show_bug.cgi?id=524951

Disabling keys

Keys combinations like CTRL+G, CTRL+J, CTRL+K, CTRL+L, and ALT+D, can be used to get to Google in webcnoaddressbar & webcfullscreen.

Dorando proposes:

var keys = ["key_findAgain", "key_openDownloads", "key_search", "focusURLBar", "focusURLBar2"];
for(var i = 0; i < keys.length; i++) {
    var key = document.getElementById(keys[i]);
    if(!key)
        continue;

    key.setAttribute("key",""); key.removeAttribute("charcode"); key.removeAttribute("keycode");

    var menuitems = document.getElementsByAttribute("key",key.id);
    for(var j = 0; j < menuitems.length; j++) {
        menuitems[j].setAttribute("acceltext","");
        menuitems[j].removeAttribute("acceltext");
    }
}

var keyset = document.getElementById("mainKeyset");
keyset.parentNode.insertBefore(keyset, keyset.nextSibling);

You can also just set the disabled attribute on the , but keyconfig wont consider those as disabled as that attribute is used to temporarily disable some s (see http://hg.mozilla.org/mozilla-central/diff/88952ceddd05/browser/base/content/tabbrowser.xml for example).

These patch needs to be introduced into https://github.com/Webconverger/iceweasel-webconverger

Test the extension on your Firefox browser

http://webconverger.com/xpis

This will lock down the browser and you'll need to use the firefox --safe-mode to remove it.

The best way of installing and removing this extension is with:

deb http://debian.webconverger.com/ squeeze/
deb-src http://debian.webconverger.com/ squeeze/

in your /etc/apt/sources.list and the apt-get install iceweasel-webconverger on a Debian machine.

Slideware

"iceweasel-fullerscreen" is the name of the package of Daniel Glazman's FullerScreen extension. It is good particularly for slideshows, though not digital signage as 'FullerScreen' does not allow Flash movies to go fullscreen.

Further Links