874
edits
Changes
added Jetpack With Capabilities section
In the above case, <tt>foo.bar()</tt> will be readable (but not writable) from Jetpacks that import the above module via a call to <tt>require()</tt>, but <tt>foo.baz</tt> will not be accessible at all.
=== Jetpack With Capabilities ===
If a Jetpack has capabilities associated with it, a Chrome Booster should be able to introspect into them and provide attenuated functionality based on said capabilities:
<pre class="brush:js;">
var caps = require('caps');
exports.foo = {
__exposed__ = {bar: 'r'},
bar: function bar() {
if (caps.has('file:read')) {
var fileObj = getSomeFile();
if (caps.has('file:write')) {
return fileObj;
}
return fileObj.makeReadOnly();
}
throw new SecurityError('Permission denied.');
},
baz: 5
};
</pre>
Exactly how capabilities are specified for Jetpack—e.g., whether done explicitly by Jetpack authors or implicitly via static analysis—is outside the scope of this document.
== Reference Implementation ==