XPCNativeWrapper

  • Revision slug: Talk:XPCNativeWrapper
  • Revision title: XPCNativeWrapper
  • Revision id: 287604
  • Created:
  • Creator: Akiross
  • Is current revision? Yes
  • Comment How to use instanceof?

Revision Content

importXPCNative

importXPCNative is not documented.

0003: zz=XPCNativeWrapper(document.implementation); zz.importXPCNative('hasFeature') Caught exception: “TypeError: zz.importXPCNative is not a function�?

and you can't work around it:

0003: XPCNativeWrapper.prototype.importXPCNative=function(){} Caught exception: “Error: XPCNativeWrapper.prototype.importXPCNative is read-only�?

(unsigned, by timeless)

Setting expando properties accessible from content

It's not clear from the text in what sense it's not "safe" to set expandos via wrappedJSObject. I intend to add something like this to the paragraph, but I need to check the implications of this {{ mediawiki.external('the page\'s ability to run code in the setter') }} with brendan/mrbkap (as suggested by bz): --Nickolay 16:26, 10 September 2006 (PDT)

* - You can assign to a property on the wrapper's wrappedJSObject, but it may end up running the setter defined by the page instead of actually setting the property. This may lead to a security hole and should be avoided.


instanceof

How should one identify the wrapped object type if instanceof doesn't work? How perform a safe check that may work in any case?

Revision Source

<h3 id="importXPCNative" name="importXPCNative"> importXPCNative </h3>
<p>importXPCNative is not documented.
</p><p>0003: zz=XPCNativeWrapper(document.implementation); zz.importXPCNative('hasFeature')
Caught exception: “TypeError: zz.importXPCNative is not a function�?
</p><p>and you can't work around it:
</p><p>0003: XPCNativeWrapper.prototype.importXPCNative=function(){}
Caught exception: “Error: XPCNativeWrapper.prototype.importXPCNative is read-only�?
</p><p>(unsigned, by timeless)
</p>
<h3 id="Setting_expando_properties_accessible_from_content" name="Setting_expando_properties_accessible_from_content"> Setting expando properties accessible from content </h3>
<p>It's not clear from the text in what sense it's not "safe" to set expandos via wrappedJSObject. I intend to add something like this to the paragraph, but I need to check the implications of this {{ mediawiki.external('the page\'s ability to run code in the setter') }} with brendan/mrbkap (as suggested by bz): --<a href="User:Nickolay">Nickolay</a> 16:26, 10 September 2006 (PDT)
</p>
<dl><dd><span class="nowiki">*</span> - You can assign to a property on the <a href="#Accessing_unsafe_properties">wrapper's wrappedJSObject</a>, but it may end up running the <a href="en/Core_JavaScript_1.5_Guide/Creating_New_Objects/Defining_Getters_and_Setters">setter</a> defined by the page instead of actually setting the property. This may lead to a security hole and should be avoided.
</dd></dl>
<p><br>
</p>
<h3 id="instanceof" name="instanceof"> instanceof </h3>
<p>How should one identify the wrapped object type if instanceof doesn't work? How perform a safe check that may work in any case?
</p>
Revert to this revision