Subj : Re: the native() call...
To   : Oystein
From : Brendan Eich
Date : Tue Jun 15 2004 02:29 pm

Oystein wrote:

> Take for example the |document| object. The |document| object is represented
> in the DOM as an XPCOM object that can be accessed using its idl interface
> and XPConnect. The |document| object is also an object in the
> js-engine,where it is a property of the window object. In addition XPConnect
> will build a wrapper object at runtime for the |document| object, so that it
> can handle property accesses between XPCOM and javascript objects. So there
> are actually three objects...

No, the XPConnect wrapper for the XPCOM C++-implemented object is the 
same as the one that you say is "in the js-engine".

There are two objects, one JS and one C++, if you like.

> I believe the access control(if the executing
> script can execute a particular method) is done in the DOM, but I havent
> been able to figure out how this is done. (I thought that one of the
> parameters in the native() call was one of the determining factors in
> this...)

Do you mean whether the "same origin" access control policy applies, or 
whether a preference such as those described at 
http://www.mozilla.org/projects/security/components/ConfigPolicy.html is 
set to allow access to a method such as otherWindow.focus ?

> My ultimate goal is to log every access to the DOM that a downloaded
> javascript does. For example:
> var t = document.cookie;
> document.write("something");
> window.open("http....");
> 
> I figured I need to completely understand the communication between
> spidermonkey and mozilla to know where to place my logging function. My
> initial idea was to place it in spidermonkey, but it seems there is no way
> to separate between downloaded scripts and chrome scripts in
> spidermonkey.(and I do not want to log access done by chrome scripts...)

You should consider doing the logging in DOM code.  See 
http://lxr.mozilla.org/mozilla/source/dom/src/base/nsDOMClassInfo.cpp.

/be

.