874
edits
Labs/Jetpack/JEP/25: Difference between revisions
added Jetpack With Capabilities section
(added section on Jetpack sample code) |
(added Jetpack With Capabilities section) |
||
| Line 106: | Line 106: | ||
In the above case, <tt>foo.bar()</tt> will be readable (but not writable) from Jetpacks that import the above module via a call to <tt>require()</tt>, but <tt>foo.baz</tt> will not be accessible at all. | In the above case, <tt>foo.bar()</tt> will be readable (but not writable) from Jetpacks that import the above module via a call to <tt>require()</tt>, but <tt>foo.baz</tt> will not be accessible at all. | ||
=== Jetpack With Capabilities === | |||
If a Jetpack has capabilities associated with it, a Chrome Booster should be able to introspect into them and provide attenuated functionality based on said capabilities: | |||
<pre class="brush:js;"> | |||
var caps = require('caps'); | |||
exports.foo = { | |||
__exposed__ = {bar: 'r'}, | |||
bar: function bar() { | |||
if (caps.has('file:read')) { | |||
var fileObj = getSomeFile(); | |||
if (caps.has('file:write')) { | |||
return fileObj; | |||
} | |||
return fileObj.makeReadOnly(); | |||
} | |||
throw new SecurityError('Permission denied.'); | |||
}, | |||
baz: 5 | |||
}; | |||
</pre> | |||
Exactly how capabilities are specified for Jetpack—e.g., whether done explicitly by Jetpack authors or implicitly via static analysis—is outside the scope of this document. | |||
== Reference Implementation == | == Reference Implementation == | ||