XPConnect Chrome Object Wrappers: Difference between revisions
Jump to navigation
Jump to search
(Origination) |
(Origination) |
||
| Line 1: | Line 1: | ||
== Introduction == | |||
Chrome Object Wrappers, or COWs for short, allow privileged code to securely expose some subset of its functionality to untrusted or semi-trusted content. | Chrome Object Wrappers, or COWs for short, allow privileged code to securely expose some subset of its functionality to untrusted or semi-trusted content. | ||
== Usage == | |||
COWs are always created automatically whenever an object passes through a trust boundary. For instance, assume the following chrome-privileged code: | |||
<pre class="brush:js;"> | |||
var sandbox = Components.utils.Sandbox("http://www.mozilla.org"); | |||
sandbox.foo = function foo(x) { /* ... */ }; | |||
var result = Components.utils.evalInSandbox("foo({bar: 5});"); | |||
</pre> | |||
In the above example, <tt>foo()</tt> is wrapped by a COW when accessed by sandboxed code executed via <tt>Components.utils.evalInSandbox()</tt>. | |||
Revision as of 19:06, 16 September 2009
Introduction
Chrome Object Wrappers, or COWs for short, allow privileged code to securely expose some subset of its functionality to untrusted or semi-trusted content.
Usage
COWs are always created automatically whenever an object passes through a trust boundary. For instance, assume the following chrome-privileged code:
var sandbox = Components.utils.Sandbox("http://www.mozilla.org");
sandbox.foo = function foo(x) { /* ... */ };
var result = Components.utils.evalInSandbox("foo({bar: 5});");
In the above example, foo() is wrapped by a COW when accessed by sandboxed code executed via Components.utils.evalInSandbox().