Search completed in 1.01 seconds.
Components.utils.Sandbox
components.utils.
sandbox is used to create a
sandbox object for use with evalin
sandbox().
... creating a
sandbox to create a new
sandbox, call components.utils.
sandbox: var
sandbox = components.utils.
sandbox(principal[, options]); using new components.utils.
sandbox(...) to create a
sandbox has the same effect as calling
sandbox(...) without new.
... the created
sandbox is simply an empty javascript object marked as having been created by the restricted privilege principal.
...And 33 more matches
loader/sandbox - Archive of obsolete content
experimental create javascript
sandboxes and execute scripts in them.
... usage create a
sandbox to create a
sandbox: const {
sandbox, evaluate, load } = require("sdk/loader/
sandbox"); let scope =
sandbox('http://example.com'); the argument passed to the
sandbox defines its privileges.
... the argument may be: a url string, in which case the
sandbox will get the same privileges as a script loaded from that url a dom window object, to inherit privileges from the window being passed.
...And 11 more matches
Components.utils.evalInSandbox
the evalin
sandbox() function enables you to evaluate javascript code inside a
sandbox you've previously created using the components.utils.
sandbox constructor.
... note: it's not safe to use evalin
sandbox() to evaluate json strings; instead, use the techniques discussed in the article on json.
... use to use evalin
sandbox(), you must first create a
sandbox object using its constructor, components.utils.
sandbox.
...And 6 more matches
CSP: sandbox - HTTP
the http content-security-policy (csp)
sandbox directive enables a
sandbox for the requested resource similar to the <iframe>
sandbox attribute.
... syntax content-security-policy:
sandbox; content-security-policy:
sandbox <value>; where <value> can optionally be one of the following values: allow-downloads-without-user-activation allows for downloads to occur without a gesture from the user.
... allow-popups-to-escape-
sandbox allows a
sandboxed document to open new windows without forcing the
sandboxing flags upon them.
...And 3 more matches
Creating Sandboxed HTTP Connections
introduction starting with gecko 1.8.1 (firefox 2), it is possible to create
sandboxed http connections which don't affect the user's cookies.
... these methods provide all the required functionality needed to modify cookies before they are processed/sent, allowing for
sandboxed cookie connections that don't affect the user's cookies.
Appendix D: Loading Scripts - Archive of obsolete content
<?xml version="1.0" encoding="utf-8"?> <!doctype overlay> <overlay id="script-overlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> <script type="application/javascript;version=1.8" src="overlay.js"/> </overlay> evalin
sandbox the components.utils.evalin
sandbox method may be used to load arbitrary code into components.utils.
sandbox objects.
... advantages namespacing: since scripts executed via evalin
sandbox run in a defined namespace, global namespace contamination and the resultant extension compatibility issues are not usually a problem.
... flexibility: the evalin
sandbox method accepts several parameters, including the url, line number, and javascript version of the file from which the code being evaluated was extracted.
...And 23 more matches
Xray vision
as well as these two levels of privilege, chrome code can create
sandboxes.
... the security principal defined for the
sandbox determines its privilege level.
... if an expanded principal is used, the
sandbox is granted certain privileges over content code and is protected from direct access by content code.
...And 9 more matches
New Security Model for Web Services - Archive of obsolete content
securing resources from untrusted scripts behind firewalls introduction this page describes an alternative mechanism which can be used to protect all internal resources against requests from
sandboxed scripts.
...when an attempt is made to access a resource at a previously-unknown uri, the
sandbox reads a file at that domain with declarations to determine whether access is permitted to the script.
... the problem external untrusted scripts loaded behind a firewall are executed in a
sandbox.
...And 8 more matches
Security best practices in extensions - Archive of obsolete content
one of the best ways to do this is to use components.utils.evalin
sandbox().
... note that objects passed into the
sandbox are restricted, but objects that come back out from it are not.
...for more information, refer to the evalin
sandbox section.
...And 7 more matches
JSAPI User Guide
one way to keep user a from accessing user b's sensitive data or dangerous functions is to keep each user's code in a separate
sandbox.
...how can a malicious script get a reference to an object from another
sandbox?
...even global variables are per-
sandbox.
...And 7 more matches
nsIXPConnect
void clearallwrappednativesecuritypolicies(); nsixpconnectjsobjectholder create
sandbox(in jscontextptr cx, in nsiprincipal principal); native code only!
... void debugdumpjsstack(in prbool showargs, in prbool showlocals, in prbool showthisprops); void debugdumpobject(in nsisupports acomobj, in short depth); [noscript,notxpcom] prbool definedomquickstubs(in jscontextptr cx, in jsobjectptr proto, in pruint32 flags, in pruint32 interfacecount, [array, size_is(interfacecount)] in nsiidptr interfacearray); jsval evalin
sandboxobject(in astring source, in jscontextptr cx, in nsixpconnectjsobjectholder
sandbox, in prbool returnstringonly); native code only!
... exceptions thrown missing exception missing description native code only!create
sandbox create a
sandbox for evaluating code in isolation using evalin
sandboxobject().
...And 7 more matches
Content Processes - Archive of obsolete content
as explained earlier, firefox doesn't yet use separate processes for tabs or add-ons, so instead, each content script is loaded in a
sandbox.
...
sandboxes were explained this article.
... accessing the dom the global for the content
sandbox has the window object as its prototype.
...And 6 more matches
/loader - Archive of obsolete content
secure each module in an isolated js
sandbox and makes any capability imports explicit via calls to the require() function.
... globals each module loaded via the loader instance is secured in own js
sandbox.
... load() the load() function takes loader and loads the given module into it: let loader = loader(options); let module = module('foo/bar', 'resource:///modules/foo/bar.js'); load(loader, module);
sandbox() the
sandbox() function is a utility function for creating js
sandboxes.
...And 6 more matches
Modules - Archive of obsolete content
this is made possible by the use of
sandboxes.
... each
sandbox lives in its own compartment.
...we will show how
sandboxes and compartments can be used to improve security in our module system.
...And 5 more matches
From object to iframe — other embedding technologies - Learn web development
say you wanted to include the mdn glossary on one of your web pages — you could try something like this: <iframe src="https://udn.realityripple.com/docs/glossary" width="100%" height="500" frameborder="0" allowfullscreen
sandbox> <p> <a href="https://udn.realityripple.com/docs/glossary"> fallback link for browsers that don't support iframes </a> </p> </iframe> this example includes the basic essentials needed to use an <iframe>: allowfullscreen if set, the <iframe> is able to be placed in fullscreen mode using the full screen api (somewhat beyond scope for this article.) frameborder if set to 1,...
...
sandbox this attribute, which works in slightly more modern browsers than the rest of the <iframe> features (e.g.
... always use the
sandbox attribute you want to give attackers as little power as you can to do bad things on your website, therefore you should give embedded content only the permissions needed for doing its job.
...And 5 more matches
Index - Web APIs
such a set is returned by element.classlist, htmllinkelement.rellist, htmlanchorelement.rellist, htmlareaelement.rellist, htmliframeelement.
sandbox, or htmloutputelement.htmlfor.
...you can develop apps which read, write, and create files and/or directories in a virtual,
sandboxed file system.
... 1330 file and directory entries api support in firefox api, chrome, compatibility, file system api, file and directory entries api, files, firefox, guide, offline, web compatibility, google, google chrome the original file system api was created to let browsers implement support for accessing a
sandboxed virtual file system on the user's storage device.
...And 4 more matches
<iframe>: The Inline Frame element - HTML: Hypertext Markup Language
sandbox applies extra restrictions to the content in the frame.
... allow-popups-to-escape-
sandbox: lets the
sandboxed document open new windows without those windows inheriting the
sandboxing.
... for example, this can safely
sandbox an advertisement without forcing the same restrictions upon the page the ad links to.
...And 4 more matches
Tamarin Build System Documentation - Archive of obsolete content
tamarin-redux mercurial builds are displayed in the top 3 sections: compile, smoke, test
sandbox builds are displayed in next 3 sections:
sandbox compile,
sandbox smoke,
sandbox test tamarin-central is considered a "
sandbox" and will appear under
sandbox phase what are the build phases?
... checkins (hg push) to http://hg.mozilla.org/tamarin-redux and
sandbox requests will trigger a buildbot build when all build slaves are idle the next build begins before the build begins buildbot waits for 2 minutes of no checkin activity the build system prioritizes tamarin-redux checkins over
sandbox builds when several tamarin-redux checkins occur the newest change is built including all checkins since the last build each
sandbox build occurs in the order they we...
... how do i build a
sandbox build?
...And 3 more matches
How Mozilla's build system works
sandbox.py contains code for a generic python
sandbox.
... reader.py contains the code that defines the moz.build
sandbox (the mozbuild
sandbox class) and the code for traversing a tree of moz.build files (the buildreader class) by following dirs and tiers variables.
... a buildreader is instantiated with a configuration, is told to read the source tree, and then emits a stream of mozbuild
sandbox instances corresponding to the executed moz.build files.
...And 3 more matches
Introduction to the File and Directory Entries API - Web APIs
you can develop apps that can read, write, and create files and directories in a
sandboxed, virtual file system.
... sample use cases the following are just a few examples of how you can use the file and directory entries api: apps with persistent uploader when a file or directory is selected for upload, you can copy the file into a local
sandbox and upload a chunk at a time.
...nd directory entries api has asynchronous and synchronous versions when using the asynchronous api, always use the error callbacks the file and directory entries api interacts with other apis the file and directory entries api is case-sensitive the file and directory entries api is a virtual representation of a file system the api doesn't give you access to the local file system, nor is the
sandbox really a section of the file system.
...And 3 more matches
GC and CC logs
(the gc log will be the same size in either case.) with multiprocess firefox, you can't record logs from the content process, due to
sandboxing.
... you'll need to disable
sandboxing by setting moz_disable_content_
sandbox=t when you run firefox.
... from the commandline tldr: if you just want shutdown gc/cc logs to debug leaks that happen in our automated tests, you probably want something along the lines of: moz_disable_content_
sandbox=t moz_cc_log_directory=/full/path/to/log/directory/ moz_cc_log_shutdown=1 moz_cc_all_traces=shutdown ./mach ...
...And 2 more matches
Tamarin build documentation - Archive of obsolete content
tamarin buildbot tryserver the tryserver/
sandbox is setup to allow users to push any code changes that they would like to have tested in the automated build/test process prior to actually pushing the changes.
... the
sandbox is setup so that it is able to build and test branches that are based on either tamarin-central or tamarin-tracing.
...if you no longer want you
sandbox to build and it has not started yet, you can delete the build request from the queue from the request page.
... tryserver etiquette the
sandbox is not a good substitute for running the regression tests locally to catch obvious problems.
LocalFileSystem - Web APIs
the localfilesystem interface of the file system api gives you access to a
sandboxed file system.
... creating new storage you request access to a
sandboxed file system by calling window.requestfilesystem().
...(an older version of the api is described at managing html5 offline storage.) working within a single origin the file system is
sandboxed to a single origin.
...you access a
sandboxed file system by requesting a localfilesystem object using this global method, window.requestfilesystem().
Storage Access API - Web APIs
in addition,
sandboxed <iframe>s cannot be granted storage access by default for security reasons.
... the api therefore also adds the allow-storage-access-by-user-activation
sandbox token.
... the embedding website needs to add this to allow storage access requests to be successful, along with allow-scripts and allow-same-origin to allow it to call the api, and execute in an origin that can have cookies: <iframe
sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin"> ...
... extensions to <iframe>
sandbox the <iframe> element's
sandbox attribute has a new token, allow-storage-access-by-user-activation, which permits
sandboxed <iframe>s to use the storage access api to request storage access.
Window.prompt() - Web APIs
desktopmobilechromeedgefirefoxinternet exploreroperasafariandroid webviewchrome for androidfirefox for androidopera for androidsafari on iossamsung internetpromptchrome full support 1notes full support 1notes notes starting with chrome 46, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.edge full support 12firefox full support 1ie full support 4notes full support 4notes notes this function has no effect in the modern ui/metro version of internet explorer for window...
...desktop versions of ie do implement this function.opera full support 3notes full support 3notes notes starting with opera 33, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.safari full support 1webview android full support 1notes full support 1notes notes starting with webview 46, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.chrome android ...
... full support 18notes full support 18notes notes starting with chrome 46, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.firefox android full support 4opera android full support 10.1notes full support 10.1notes notes starting with opera 33, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.safari ios full support 1samsung internet android full support 1.0notes full support ...
... 1.0notes notes starting with samsung internet 5.0, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.legend full support full supportsee implementation notes.see implementation notes.
core/namespace - Archive of obsolete content
let
sandboxes = ns(); function widget(options) { let { element, contentscript } = options; let widget = object.create(widget.prototype); view.call(widget, options.element);
sandboxes(widget).
sandbox = cu.
sandbox(element.ownerdocument.defaultview); // ...
... } widget.prototype = object.create(view.prototype); widget.prototype.postmessage = function postmessage(message) { let {
sandbox } =
sandboxes(this);
sandbox.postmessage(json.stringify(json.parse(message))); ...
... delete
sandboxes(this).
sandbox; }; exports.widget = widget; in addition access to the namespace can be shared with other code by just handing them a namespace accessor function.
Tamarin Tracing Build Documentation - Archive of obsolete content
tamarin buildbot tryserver the tryserver/
sandbox is setup to allow users to push any code changes that they would like to have tested in the automated build/test process prior to actually pushing the changes.
... the
sandbox is setup so that it is able to build and test branches that are based on either tamarin-central or tamarin-tracing.
...description: self explanatory check the status of the build @ http://tamarin-builds.mozilla.org/
sandbox/ tryserver etiquette the
sandbox is not a good substitute for running the regression tests locally to catch obvious problems.
Limitations of chrome scripts
sandboxes you can create
sandboxes in the chrome or the content process.
...
sandboxes are often used as a safe way to manipulate web content, and if that's your goal, create the
sandbox in the content process.
... there is a shim for
sandboxes: if you make a
sandbox in the chrome process and give it content principals (by passing a cpow as the first argument to components.utils.
sandbox) then we'll actually make it in the content process.
Components.utils
evalin
sandbox() runs javascript code in a
sandbox, usually used to run code with restricted privileges.
... obsolete since gecko 45 the function was moved to threadsafechromeutils nuke
sandbox() recomputewrappers() to be called from js only.
... properties property type description
sandbox nsixpccomponents_utils_
sandbox creates
sandbox objects for use with evalin
sandbox().
LocalFileSystemSync - Web APIs
the localfilesystemsync interface of the file system api gives you access to a
sandboxed file system.
... basic concepts you can request access to a
sandboxed file system by requesting localfilesystemsync object from within a web worker.
...you access a
sandboxed file system by requesting a localfilesystemsync object from within a web worker using this global method, window.requestfilesystemsync().
Window.print() - Web APIs
desktopmobilechromeedgefirefoxinternet exploreroperasafariandroid webviewchrome for androidfirefox for androidopera for androidsafari on iossamsung internetprintchrome full support 1notes full support 1notes notes starting with chrome 46, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.edge full support 12firefox full support 1ie full support 5opera full support 6notes full support 6notes notes starting with opera 33, t...
...his method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.safari full support 1.1webview android full support 1notes full support 1notes notes starting with webview 46, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.chrome android full support 18notes full support 18notes notes starting with chrome 46, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.firefox android no support nonotes ...
... no support nonotes notes see bug 1247609.opera android full support 10.1notes full support 10.1notes notes starting with opera 33, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.safari ios full support 1samsung internet android full support 1.0notes full support 1.0notes notes starting with samsung internet 5.0, this method is blocked inside an <iframe> unless its
sandbox attribute has the value allow-modals.legend full support ...
Content-Security-Policy - HTTP
elements controlled by object-src are perhaps coincidentally considered legacy html elements and are not receiving new standardized features (such as the security attributes
sandbox or allow for <iframe>).
...
sandbox enables a
sandbox for the requested resource similar to the <iframe>
sandbox attribute.
... content security policy 1.0 obsolete defines connect-src, default-src, font-src, frame-src, img-src, media-src, object-src, report-uri,
sandbox, script-src, and style-src.
Jetpack Processes - Archive of obsolete content
create
sandbox() this creates a new javascript
sandbox and returns its global scope.
...evalin
sandbox(a
sandbox, ascript) evaluates the given script contents in the given
sandbox's global scope.
Useful Mozilla Community Sites - Archive of obsolete content
your extension begins in a
sandbox with limited access, and once you nominate it an editor will review it and see if it is appropriate for the public amo site, where everyone can see it and install it.
...you can still get a good number of downloads while being in the
sandbox.
Index - Archive of obsolete content
93 loader/
sandbox create javascript
sandboxes and execute scripts in them.
...so the extension will not be allowed to move out of the amo
sandbox.
Makefiles - Best practices and suggestions
dependency builds - a second invocation of make within a
sandbox should always be a nop.
...ts ##################################################### ## extra dep needed to synchronize parallel execution ##################################################### $(ts): $(ts)/.done $(ts)/.done: $(mkdir) -p $(dir $@) touch $@ # "clean" target garbage_dirs += $(ts) maintain clean targets - makefiles should be able to remove all content that is generated so "make clean" will return the
sandbox/directory back to a clean state.
Gecko Logging
e10s note when a content process is in
sandbox, it cannot write to stderr or any file.
... you may need to set preference security.
sandbox.content.level to 0 to see the log.
Limitations of frame scripts
security restrictions on file access processes that host remote content are isolated from the local system through a content security
sandbox.
... one of the functions of the
sandbox is to restrict access to the local file system by processes that host remote content.
Script security
normal content windows are globals, of course, but so are chrome windows,
sandboxes, workers, the contentframemessagemanager in a frame script, and so on.
...the add-on sdk runs content scripts in
sandboxes, which are initialized with an expanded principal, giving them elevated privileges with respect to the web content they operate on, but reduced privileges with respect to chrome.
Investigating leaks using DMD heap scan mode
the command you need to run firefox will look something like this: xpcom_mem_bloat_log=1 moz_cc_log_shutdown=1 moz_disable_content_
sandbox=t moz_cc_log_directory=$logdir moz_cc_log_process=content moz_cc_log_thread=main moz_dmd_shutdown_log=$logdir moz_dmd_log_process=tab ./mach run --dmd --mode=scan breaking this down: xpcom_mem_bloat_log=1: this reports a list of the counts of every object created and destroyed and tracked by the xpcom leak tracking system.
... moz_disable_content_
sandbox=t: this disables the content process
sandbox, which is needed because the dmd and cc log files are created directly by the child processes.
Introduction to the JavaScript shell
if object is specified, the code is executed in that object, treating it as a
sandbox.
... note: evalcx() is only useful for people doing deep internal work on the javascript engine, for testing evalin
sandbox-like environments in the shell.
Index
31 components.utils.
sandbox needsmarkupwork, reference, référence(2), xpcom:language bindings, xpconnect components.utils.
sandbox is used to create a
sandbox object for use with evalin
sandbox().
... 34 components.utils.evalin
sandbox add-ons, developing mozilla, extensions, javascript, xpcom:language bindings, xpconnect the evalin
sandbox() function enables you to evaluate javascript code inside a
sandbox you've previously created using the components.utils.
sandbox constructor.
Components.utils.createObjectIn
this function is made available as a global in
sandboxes which have the wantexporthelpers option set in the
sandbox() constructor.
... note that this function is now mostly obsolete when you are using
sandbox, because you can create an object in a different compartment using new.
Components.utils.importGlobalProperties
this function is not intended for
sandboxes but for system-privileged scopes.
... to import these objects into a
sandbox, use the wantglobalproperties option in the
sandbox constructor.
Components object
utils.evalin
sandbox runs javascript code in a
sandbox, usually used to run code with restricted privileges.
... utils.
sandbox creates
sandbox objects for use with evalin
sandbox.
Language bindings
it returns a reference to the clone:components.utils.createobjectincomponents.utils.createobjectin creates a new javascript object in the scope of the specified object's compartment.components.utils.evalin
sandboxthe evalin
sandbox() function enables you to evaluate javascript code inside a
sandbox you've previously created using the components.utils.
sandbox constructor.components.utils.evalinwindowthis function enables code running in a more-privileged javascript context to evaluate a string in a less-privileged javascript context.
...it is meant for use by extension developers who have exception handler blocks which want to "eat" an exception, but still want to report it to the console.components.utils.
sandboxcomponents.utils.
sandbox is used to create a
sandbox object for use with evalin
sandbox().components.utils.scheduleprecisegcthis method lets scripts schedule a garbage collection cycle.
Using IndexedDB in chrome
if you are creating a
sandbox, and want indexeddb to be available in it, use the wantglobalproperties option in the
sandbox constructor: var options = { "wantglobalproperties": ["indexeddb"] } var principal = cc["@mozilla.org/systemprincipal;1"].createinstance(ci.nsiprincipal); var
sandbox = components.utils.
sandbox(principal, options); // the
sandbox will have access to indexeddb var
sandboxscript = 'var req = indexeddb.
...open("my-database");'; components.utils.evalin
sandbox(
sandboxscript,
sandbox); before firefox 33, you would access indexeddb from chrome code using the initwindowless method of the nsiindexeddatabasemanager service.
FileSystem - Web APIs
instead you will have a "virtual drive" within the browser
sandbox.
... basic concepts there are two ways to get access to a filesystem object: you can directly ask for one representing a
sandboxed file system created just for your web app directly by calling window.requestfilesystem().
File and Directory Entries API - Web APIs
you can develop apps which read, write, and create files and/or directories in a virtual,
sandboxed file system.
... other interfaces localfilesystem gives you access to a
sandboxed file system.
HTMLIFrameElement - Web APIs
htmliframeelement.
sandbox is a domsettabletokenlist that reflects the
sandbox html attribute, indicating extra restrictions on the behavior of the nested content.
... the following properties have been added: srcdoc,
sandbox, and contentwindow.
Pointer Lock API - Web APIs
while iframes work by default, "
sandboxed" iframes block pointer lock.
... the ability to avoid this limitation, in the form of the attribute/value combination <iframe
sandbox="allow-pointer-lock">, is expected to appear in chrome soon.
Guides - Archive of obsolete content
modules learn about the module system used by the sdk (which is based on the commonjs specification), how
sandboxes and compartments can be used to improve security, and about the built-in sdk module loader, known as cuddlefish.
lang/type - Archive of obsolete content
the difference is that the type constructor can be from a scope that has a different top level object: for example, it could be from a different iframe, module or
sandbox.
net/xhr - Archive of obsolete content
finally, we need to also consider attenuating http/https requests such that they're "
sandboxed" and don't communicate potentially sensitive cookie information.
Developing for Firefox Mobile - Archive of obsolete content
ore/promise supported event/core supported event/target supported frame/hidden-frame supported frame/utils supported io/byte-streams supported io/file supported io/text-streams supported lang/functional supported lang/type supported loader/cuddlefish supported loader/
sandbox supported net/url supported net/xhr supported places/bookmarks not supported places/favicon not supported places/history not supported platform/xpcom supported preferences/service supported stylesheet/style supported stylesheet/utils supported system/environment supported ...
Index of archived content - Archive of obsolete content
core/namespace core/promise dev/panel event/core event/target frame/hidden-frame frame/utils fs/path io/byte-streams io/file io/text-streams lang/functional lang/type loader/cuddlefish loader/
sandbox net/url net/xhr places/bookmarks places/favicon places/history platform/xpcom preferences/event-target preferences/service remote/child remote/parent stylesheet/style stylesheet/utils system/child_process ...
Java in Firefox Extensions - Archive of obsolete content
the following approach is taken from the extension xquseme (note you must use the latest version, currently still in the
sandbox, as prior versions only worked with liveconnect before java 6 update 11) which borrows some of the code of the java firefox extension in order to grant full privileges to java within a firefox extension, but it is easier to understand and doesn't require creation of a xpcom component.
Extenders - Archive of obsolete content
manifest chief mechanism for allowing advanced api use within your jetpack superpowers similar to libraries, superpowers are for adding deeper platform coupling for your jetpack
sandboxes safely abstracts library interoperability issues so you don't have to worry about them future api interface method for including not yet finalized functionality in your jetpack ...
Tamarin Acceptance Testing - Archive of obsolete content
successfully build release and debug versions of the shell with the debugger enabled [info] successfully run the following test suites: acceptance test suite [info] self tests [info] submit a
sandbox build request to test against platforms that you may not have locally [info] available tamarin acceptance test suites actionscript acceptance tests: actionscript acceptance tests running tamarin acceptance tests abc assembler tests cmdline tests performance tests actionscript performance tests running tamarin performance tests built-in self tests ...
2006-10-27 - Archive of obsolete content
discussions evalin
sandbox and xmlhttprequest a discussion about writing something that calls a function defined by the page that the user is currently on chrome files and last modified date ways to retrieve the last modified date of a chrome file that may be in a jar or on the file system.
Common causes of memory leaks in extensions - Extensions
if a bootstrapped (restartless) extension fails to clean up event listeners when disabled or removed, the listeners will still reference the enclosing scope — usually the bootstrap.js
sandbox — and therefore keep that scope (and its enclosing compartment) alive until the window is unloaded.
bootstrap.js - Extensions
the script gets executed in a privileged
sandbox, which is cached until the extension is shut down.
Adding vector graphics to the Web - Learn web development
here's a quick review: <iframe src="triangle.svg" width="500" height="500"
sandbox> <img src="triangle.png" alt="triangle with three unequal sides" /> </iframe> this is definitely not the best method to choose: cons iframes do have a fallback mechanism, as you can see, but browsers only display the fallback if they lack support for iframes altogether.
Debugging on Windows
2>&1 | tee it may also be necessary to disable the content
sandbox (moz_disable_content_
sandbox=1 ./mach run ...).
Makefile - variables
moz_ variable description moz_auto_deps moz_build_app moz_build_projects build multiple projects in the same
sandbox.
Frame script environment
if you want other principals or when interacting with untrusted page scripts, you should use a
sandbox.
Frame script loading and lifetime
if you want to limit a script to the lifetime of a page you can create a
sandbox instead, where the current content page is used as prototype.
Performance
delayedframescript("resources://my-addon/framescript.js"); services.ppmm.removedelayedprocessscript("resources://my-addon/processcript.js"); services.mm.broadcastasyncmessage("my-addon:unload"); services.ppmm.broadcastasyncmessage("my-addon:unload"); } in the frame/process scripts: remove all kinds of listeners remove observer notifications remove custom categories and services nuke
sandboxes unload jsms restore content dom states where necessary, e.g.
DMD
note: to dump dmd data from content processes, you'll need to disable the
sandbox moz_dmd_shutdown_log must (currently) include the trailing separator (''/") post-processing dmd.py also takes options that control how it works.
Refcount tracing and balancing
note: due to an issue with the
sandbox on windows (bug 1345568), refcount logging currently requires the moz_disable_content_
sandbox environment variable to be set.
Statistics API
when logging to a file is used in combination with multi-process firefox (e10s) it is necessary to set security.
sandbox.content.level = 0, otherwise the content process will crash.
Using XPCOM Components
the xpcom component viewer the xpcom component viewer is an add-on you can install in your browser (in
sandbox, not available for now).
Components.utils.evalInWindow
this function is made available as a global in
sandboxes which have the wantexporthelpers option set in the
sandbox() constructor.
Components.utils.exportFunction
exportfunction() is made available as a global in
sandboxes which have the wantexporthelpers option set in the
sandbox() constructor.
Observer Notifications
http requests these are the topics that you can observe during a http request (see setting http request headers and creating
sandboxed http connections).
nsIParserUtils
the sanitizer is designed to protect against xss when sanitized content is inserted into a different-origin context without an iframe-equivalent
sandboxing mechanism.
WebIDL bindings
xpconnect
sandboxes doesn't see [securecontext] apis, but this may change in bug 1273687.
Mozilla
creating
sandboxed http connections starting with gecko 1.8.1 (firefox 2), it is possible to create
sandboxed http connections which don't affect the user's cookies.
DOMTokenList.supports() - Web APIs
example let iframe = document.getelementbyid('display'); if (iframe.
sandbox.supports('an-upcoming-feature')) { // support code for mystery future feature } else { // fallback code } if (iframe.
sandbox.supports('allow-scripts')) { // instruct frame to run javascript // // (note: this feature is well-supported; this is just an example!) // } specifications specification status comment credential management level 1 working draft...
DOMTokenList - Web APIs
such a set is returned by element.classlist, htmllinkelement.rellist, htmlanchorelement.rellist, htmlareaelement.rellist, htmliframeelement.
sandbox, or htmloutputelement.htmlfor.
Document.domain - Web APIs
exceptions securityerror an attempt has been made to set domain under one of the following conditions: the document is inside a
sandboxed <iframe> the document has no browsing context the document's effective domain is null the given value is not equal to the document's effective domain (or it is not a registerable domain suffix of it) the document-domain feature-policy is enabled examples getting the domain for the uri http://developer.mozilla.org/docs/web, this example sets currentdomain to the string "developer...
MediaDevices.getUserMedia() - Web APIs
the following are examples of situations in which getusermedia() is not permitted to be called: a document loaded into a
sandboxed <iframe> element cannot call getusermedia() unless the <iframe> has its
sandbox attribute set to allow-same-origin.
Using the Storage Access API - Web APIs
first of all, if the <iframe> is
sandboxed, the embedding website needs to add the allow-storage-access-by-user-activation
sandbox token to allow storage access requests to be successful, along with allow-scripts and allow-same-origin to allow it to call the api, and execute in an origin that can have cookies: <iframe
sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin"> ...
Window.requestFileSystem() - Web APIs
the non-standard window method requestfilesystem() method is a google chrome-specific method which lets a web site or app gain access to a
sandboxed file system for its own use.
init() - Web APIs
often, this is the outer window, but it may also be a
sandbox or backstage pass.
HTML5 - Developer guides
improvement in <iframe> using the
sandbox and srcdoc attributes, authors can now be precise about the level of security and the wished rendering of an <iframe> element.
Access-Control-Allow-Origin - HTTP
note: null should not be used: "it may seem safe to return access-control-allow-origin: "null", but the serialization of the origin of any resource that uses a non-hierarchical scheme (such as data: or file:) and
sandboxed documents is defined to be "null".
CSP: object-src - HTTP
elements controlled by object-src are perhaps coincidentally considered legacy html elements and aren't receiving new standardized features (such as the security attributes
sandbox or allow for <iframe>).
Index - HTTP
46 csp:
sandbox csp, directive, http, security the http content-security-policy (csp)
sandbox directive enables a
sandbox for the requested resource similar to the <iframe>
sandbox attribute.
HTTP Index - HTTP
97 csp:
sandbox csp, content-security-policy, directive, http,
sandbox, security the http content-security-policy (csp)
sandbox directive enables a
sandbox for the requested resource similar to the <iframe>
sandbox attribute.
eval() - JavaScript
this advice applies mainly to extensions and xul applications, which can use components.utils.evalin
sandbox for this.