308
edits
Security:Security Checks In Glue: Difference between revisions
Security:Security Checks In Glue (view source)
Revision as of 21:51, 12 September 2006
, 12 September 2006→Implementation notes
| Line 25: | Line 25: | ||
= Implementation notes = | = Implementation notes = | ||
The most straightforward way to do this would be the following: | |||
# Ditch XPConnect for DOM classes. Use glue code, automatically generated as needed, instead. Do some security checks in the glue. | |||
# Do the remaining security checks at the very beginning of the DOM methods themselves, but only if the method is the one that's currently being called by the glue (that is, method name and |this| pointer match). This doesn't handle reentry of the method from other parts of the code while it's being called... not sure what we can do about that. This could probably be done without ditching XPConnect, if we used the XPCCallContext stack or something to check what the currently-called method is. | |||