JSClass.checkAccess
Table of contents
- 1. Syntax
- 2. Description
The JSClass.checkAccess callback is called when a script attempts to access an object property. The callback can deny the script access to the property.
JSCheckAccessOp is the type of the callback. (It is also the type of the callback set by JS_SetCheckObjectAccessCallback.)
Syntax
typedef JSBool (*JSCheckAccessOp)(JSContext *cx, JSObject *obj, jsval id, JSAccessMode mode, jsval *vp);
| Name | Type | Description |
|---|---|---|
cx |
JSContext * |
The JS context in which the property access attempt is occurring. |
obj |
JSObject * |
The object whose properties are being accessed. |
id |
jsval |
The name or index of the property being accessed. |
mode |
JSAccessMode |
The type of access being checked. |
vp |
jsval * |
Out parameter. On success, the callback must set *vp to the stored value of the property. |
Description
Check whether obj[id] may be accessed per mode, returning JS_FALSE on error/exception, JS_TRUE on success with obj[id]'s stored value in *vp. As for JSPropertyOp, id is either a string or an int jsval.
See JSObjectOps.checkAccess for the JSObjectOps counterpart, which takes a jsid (a tagged int or aligned, unique identifier pointer) rather than a jsval. The native js_ObjectOps.checkAccess simply forwards to the object's clasp->checkAccess, if any, so that both JSClass and JSObjectOps implementors may specialize access checks.
JSCheckAccessOp implementations generally work by using JSDBGAPI functions such as JS_FrameIterator and JS_StackFramePrincipals to obtain the principals of the code attempting the checked operation, then examining those principals and comparing them with the system's security policy. The nature of principals and the security policy are entirely up to the application.
If a class leaves the checkAccess field NULL, a runtime-wide object access callback is called instead; see JS_SetCheckObjectAccessCallback.
Page last modified 19:45, 11 Apr 2008 by Jorend