Labs/Jetpack/Binary Components: Difference between revisions

Labs/Jetpack/Binary Components (view source)

753 bytes added , 28 July 2009

added security notes

93

edits

@@ Line 17: / Line 17: @@
 The source code for this functionality is in [http://hg.mozilla.org/labs/jetpack/file/tip/components/src/wrapper.cpp wrapper.cpp].
+=== Security Concerns ===
+Note that the Flexible Membrane functionality is intended primarily for prototyping purposes; its use is discouraged for production code for two reasons:
+# The membrane methods have a tendency to get called very frequently, and as a result, implementing them in JavaScript is likely to not be efficient.
+# JavaScript is an inherently dynamic language, and it's very hard to predict what all the possible outcomes of JavaScript code for a membrane might be.  Because of this, it's hard to code review a Flexible Membrane for security vulnerabilities.
+Because of these concerns, it's advised that any flexible membranes be re-written in C++ before being reviewed for security and placed in production code.
+=== Functions ===
 <code>nsJetpack.</code>'''wrap'''(''wrappee'', ''membrane'')
@@ Line 53: / Line 64: @@
 ::This is essentially a JavaScript version of [https://developer.mozilla.org/En/SpiderMonkey/JSAPI_Reference/JSPropertyOp JSClass.delProperty]; alternatively, it could be described as the analog of Python's <code>__delattr__</code> magic method. ''name'' is the name of the property being deleted.  This function should return <code>true</code> if the property can be deleted, and <code>false</code> if not.
 === unwrap() ===