XPConnect Chrome Object Wrappers: Difference between revisions

XPConnect Chrome Object Wrappers (view source)

Revision as of 21:05, 18 September 2009

321 bytes added , 18 September 2009

resolved some TODOs as per conversation w/ mrbkap

Varmaa

874

edits

@@ Line 32: / Line 32: @@
 The metadata attached to <tt>foo()</tt>, <tt>__callableByContent__</tt>, is used to explicitly declare that the function its attached to can be called from content.  This is necessary for security purposes; if a function that's only ever intended to be called from trusted code ever accidentally "falls into the wrong hands", we don't want untrusted code to be able to exploit it.
-'''TODO:''' What kind of exception should be raised when a function without <tt>__callableByContent__</tt> is called from content?  Or should it be a null-op and thus fail silently?
+If a function without <tt>__callableByContent__</tt> is called from content, a JS <tt>Error</tt> is raised with the text "function is not callable from content".
 === COWing Objects ===
@@ Line 61: / Line 61: @@
 In the above example, <tt>MyObj.foo()</tt> can be accessed but not assigned to&mdash;and <tt>foo()</tt> itself is callable from content, since <tt>__callableByContent__</tt> is set&mdash;and <tt>MyObj.bar</tt> is both readable and writable, while <tt>MyObj.baz</tt> can't be accessed at all.
+If any property is accessed that isn't in <tt>__callableByContent__</tt>&mdash;even if the property doesn't even exist on the original object&mdash;then a JS <tt>Error</tt> is raised with the text "property not accessible from content".
+'''TODO:''' How does enumeration on the wrapped object work, e.g. "<tt>for (name in object) {}</tt>"?
 '''TODO:''' What should the default <tt>toString()</tt> method of a COW'ed object with no metadata yield?

XPConnect Chrome Object Wrappers: Difference between revisions

XPConnect Chrome Object Wrappers (view source)

Revision as of 21:05, 18 September 2009

Navigation menu

Search