Subj : Re: the native() call... To : netscape.public.mozilla.jseng From : Oystein Date : Tue Jun 15 2004 06:12 pm Again, thanks for the help Brendan! I am looking into nsDOMClassInfo, and it seems that this is the best place to put my logging mechanism. But in the specs, I am reading that XPConnect only will call the nsIXPCScriptable methods if the attribute is not defined in IDL. For example, GetProperty() is used only when retrieving an attribute that was not defined in IDL. So do I need to remove this attribute from IDL to be able to go through the scriptable methods in the helper classes? And is it also possible to intercept method calls using classInfo? Oystein "Brendan Eich" wrote in message news:40CF5C1F.2090902@meer.net... > Oystein wrote: > > > Take for example the |document| object. The |document| object is represented > > in the DOM as an XPCOM object that can be accessed using its idl interface > > and XPConnect. The |document| object is also an object in the > > js-engine,where it is a property of the window object. In addition XPConnect > > will build a wrapper object at runtime for the |document| object, so that it > > can handle property accesses between XPCOM and javascript objects. So there > > are actually three objects... > > No, the XPConnect wrapper for the XPCOM C++-implemented object is the > same as the one that you say is "in the js-engine". > > There are two objects, one JS and one C++, if you like. > > > I believe the access control(if the executing > > script can execute a particular method) is done in the DOM, but I havent > > been able to figure out how this is done. (I thought that one of the > > parameters in the native() call was one of the determining factors in > > this...) > > Do you mean whether the "same origin" access control policy applies, or > whether a preference such as those described at > http://www.mozilla.org/projects/security/components/ConfigPolicy.html is > set to allow access to a method such as otherWindow.focus ? > > > My ultimate goal is to log every access to the DOM that a downloaded > > javascript does. For example: > > var t = document.cookie; > > document.write("something"); > > window.open("http...."); > > > > I figured I need to completely understand the communication between > > spidermonkey and mozilla to know where to place my logging function. My > > initial idea was to place it in spidermonkey, but it seems there is no way > > to separate between downloaded scripts and chrome scripts in > > spidermonkey.(and I do not want to log access done by chrome scripts...) > > You should consider doing the logging in DOM code. See > http://lxr.mozilla.org/mozilla/source/dom/src/base/nsDOMClassInfo.cpp. > > /be .