Search completed in 1.15 seconds.
10 results for "Components.utils.evalInSandbox":
Components.utils.evalInSandbox
MozillaTechXPCOMLanguage BindingsComponents.utils.evalInSandbox
mysandbox.double = double; var result = components.utils.evalinsandbox("x = y + 2; double(x) + 3", mysandbox); console.log(result); // 17 console.log(mysandbox.x); // 7 operations on objects you insert into this sandbox global scope do not carry privileges into the sandbox: mysandbox.foo = components; // this will give a "permission denied" error components.utils.evalinsandbox("foo.classes", mysandbox); optional arguments you can optionally ...
...for instance: var x = components.utils.evalinsandbox( "let x = 1;", sandbox, "1.8", // "latest" is recognized as a special case "http://foo.com/mycode.js", 25 ); the above will execute code using javascript 1.8.
Appendix D: Loading Scripts - Archive of obsolete content
ArchiveAdd-onsOverlay ExtensionsXUL SchoolAppendix D: Loading Scripts
<?xml version="1.0" encoding="utf-8"?> <!doctype overlay> <overlay id="script-overlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> <script type="application/javascript;version=1.8" src="overlay.js"/> </overlay> evalinsandbox the components.utils.evalinsandbox method may be used to load arbitrary code into components.utils.sandbox objects.
... wantxrays: true }); // the script that will be executed: let script = string(); // evaluate the script: components.utils.evalinsandbox(script, sandbox, // the javascript version "1.8", // the apparent script filename: "zz-9://plural/zed/alpha", // the apparent script starting line number: 42); the following code will execute a simple script loa...
...rip off any prefixes added by the sub-script loader // and the trailing filename let directory = file.replace(/.* -> |[^\/]+$/g, ""); let scriptname = directory + name; // read the script let xmlhttp = xmlhttprequest("get", scriptname, false); xmlhttp.overridemimetype("text/plain"); xmlhttp.send(); let script = xmlhttp.textcontent; // evaluate the script: components.utils.evalinsandbox(script, sandbox, "1.8", scriptname, 0); } // use the current global object.
Xray vision
MozillaTechXray vision
tate that is separate from their javascript representation, so the xray implementation can go straight to the c++ state and guarantee that the object will behave as its specification defines: // chrome code var sandboxscript = 'date.prototype.getfullyear = function() {return 1000};' + 'var date = new date(); '; var sandbox = components.utils.sandbox("https://example.org/"); components.utils.evalinsandbox(sandboxscript, sandbox); // date objects are xrayed console.log(sandbox.date.getfullyear()); // -> 2014 // but you can waive xray vision console.log(components.utils.waivexrays(sandbox.date).getfullyear()); // -> 1000 to test out examples like this, you can use the scratchpad in browser context for the code snippet, and the browser console to see the expected output.
... ' value: "smith"' + '});' + 'object.defineproperty(me, "middlename", {' + ' enumerable: true,' + ' configurable: true,' + ' get: function() { return "wait, is this really a getter?"; }' + '});'; var sandbox = components.utils.sandbox("https://example.org/"); components.utils.evalinsandbox(sandboxscript, sandbox); // 1) trying to access properties in the prototype that have been redefined // (non-own properties) will show the original 'native' version // note that functions are not included in the output console.log("1) property redefined in the prototype:"); console.log(sandbox.me.tosource()); // -> "({firstname:"joe", address:{street:"main street"}, lastname:"smith"})" // 2) tr...
Downloading JSON and JavaScript in extensions - Archive of obsolete content
ArchiveAdd-onsDownloading JSON and JavaScript in extensions
sandboxing is done using components.utils.evalinsandbox().
Security best practices in extensions - Archive of obsolete content
ArchiveAdd-onsSecurity best practices in extensions
one of the best ways to do this is to use components.utils.evalinsandbox().
Index
MozillaTechXPCOMIndex
34 components.utils.evalinsandbox add-ons, developing mozilla, extensions, javascript, xpcom:language bindings, xpconnect the evalinsandbox() function enables you to evaluate javascript code inside a sandbox you've previously created using the components.utils.sandbox constructor.
Components.utils.Sandbox
MozillaTechXPCOMLanguage BindingsComponents.utils.Sandbox
crypto rtcidentityprovider fetch (added in firefox 41) caches filereader for example: var sandboxscript = 'var encoded = btoa("hello");' + 'var decoded = atob(encoded);'; var options = { "wantglobalproperties": ["atob", "btoa"] } var sandbox = components.utils.sandbox("https://example.org/", options); components.utils.evalinsandbox(sandboxscript, sandbox); console.log(sandbox.encoded); // "sgvsbg8=" console.log(sandbox.decoded); // "hello" wantxhrconstructor this option was removed in gecko version 26.
Language bindings
MozillaTechXPCOMLanguage Bindings
it returns a reference to the clone:components.utils.createobjectincomponents.utils.createobjectin creates a new javascript object in the scope of the specified object's compartment.components.utils.evalinsandboxthe evalinsandbox() function enables you to evaluate javascript code inside a sandbox you've previously created using the components.utils.sandbox constructor.components.utils.evalinwindowthis function enables code running in a more-privileged javascript context to evaluate a string in a less-privileged javascript context.
Using IndexedDB in chrome
MozillaTechXPCOMUsing IndexedDB in chrome
be available in it, use the wantglobalproperties option in the sandbox constructor: var options = { "wantglobalproperties": ["indexeddb"] } var principal = cc["@mozilla.org/systemprincipal;1"].createinstance(ci.nsiprincipal); var sandbox = components.utils.sandbox(principal, options); // the sandbox will have access to indexeddb var sandboxscript = 'var req = indexeddb.open("my-database");'; components.utils.evalinsandbox(sandboxscript, sandbox); before firefox 33, you would access indexeddb from chrome code using the initwindowless method of the nsiindexeddatabasemanager service.
eval() - JavaScript
WebJavaScriptReferenceGlobal Objectseval
this advice applies mainly to extensions and xul applications, which can use components.utils.evalinsandbox for this.