To use evalInSandbox, you must first create a sandbox object using its constructor,
Components.utils.Sandbox. The sandbox must be initialized with a principal URI. This URI is used for same-origin security checks. For example, passing a URI of
document.domain, changing same-origin security checks, you can also pass a DOM window object to the sandbox constructor.
// create a sandbox with a given principal var s = Components.utils.Sandbox("http://www.example.com/"); // the sandbox object is the global scope object // for script you execute s.y = 5; var result = Components.utils.evalInSandbox("x = y + 2; x + 3", s); // result is 10, s.x is now 7 s.foo = Components; // this will give a "Permission Denied" error Components.utils.evalInSandbox("foo.classes", s);