MozillaWiki

XPConnect Chrome Object Wrappers

Revision as of 19:06, 16 September 2009 by Varmaa (talk | contribs) (Origination)

Introduction

Chrome Object Wrappers, or COWs for short, allow privileged code to securely expose some subset of its functionality to untrusted or semi-trusted content.

Usage

COWs are always created automatically whenever an object passes through a trust boundary. For instance, assume the following chrome-privileged code: 

var sandbox = Components.utils.Sandbox("http://www.mozilla.org");
sandbox.foo = function foo(x) { /* ... */ };
var result = Components.utils.evalInSandbox("foo({bar: 5});");

In the above example, foo() is wrapped by a COW when accessed by sandboxed code executed via Components.utils.evalInSandbox().

Retrieved from "https://wiki.mozilla.org/index.php?title=XPConnect_Chrome_Object_Wrappers&oldid=168811"