874
edits
XPConnect Chrome Object Wrappers: Difference between revisions
XPConnect Chrome Object Wrappers (view source)
Revision as of 21:28, 16 September 2009
, 16 September 2009added more
(Origination) |
(added more) |
||
| Line 2: | Line 2: | ||
Chrome Object Wrappers, or COWs for short, allow privileged code to securely expose some subset of its functionality to untrusted or semi-trusted content. | Chrome Object Wrappers, or COWs for short, allow privileged code to securely expose some subset of its functionality to untrusted or semi-trusted content. | ||
The COW is actually the final step in an epic quest to make the interaction between chrome and content as natural and secure as possible by encasing JavaScript objects in "membranes" that mediate access between their object and the outside world. Before reading the rest of this document, you should be familiar with the story so far, which is explained in detail at [https://developer.mozilla.org/En/XPConnect_wrappers XPConnect wrappers]. | |||
== Usage == | == Usage == | ||
| Line 13: | Line 15: | ||
</pre> | </pre> | ||
In the above example, <tt>foo()</tt> is wrapped by a COW when accessed by sandboxed code executed via <tt>Components.utils.evalInSandbox()</tt>. | In the above example, <tt>foo()</tt> is wrapped by a COW when accessed by sandboxed code executed via <tt>Components.utils.evalInSandbox()</tt>. The object <tt>{bar: 5}</tt> is wrapped in an <tt>XPCSafeJSObjectWrapper</tt> before being passed into <tt>foo()</tt>, and whatever is returned from <tt>foo()</tt> and placed in <tt>result</tt> is usually wrapped in a COW as well. | ||