Subj : Re: JS_EvaluateScriptForPrincipals() vs JS_EvaluateScript() To : Brendan Eich From : Oystein Hallaraker Date : Wed Jun 30 2004 07:44 pm Brendan Eich wrote: > Oystein Hallaraker wrote: > >> Hi! >> I have been looking at the code for the two different api functions >> JS_EvaluateScriptForPrincipals() and JS_EvaluateScript(). I am reading >> that the first one is a secure version and takes a JSPrincipals struct >> as a parameter. But where in the engine is this JSPrincipals struct >> used? When spiderMonkey is embedded in the mozilla browser, does it >> matter which of these functions are called, since the access >> control(same origin) is done in the dom/nsScriptSecurityManager? > > > > If you are embedding in Mozilla (Gecko, one of the apps), and you want > caps/src/nsScriptSecurityManager.cpp (caps, not dom) to be used, I meant dom and nsScriptSecurityManager(not as a path...) my mistake! you > must use nsIScriptContext to call that interface's EvaluateString > method. You should not be using the raw JS API. > > Obviously, the DOM does use principals, and caps depends on that fact. > If you trace the control flow in js/src by looking for JSPRINCIPALS_HOLD > and JSPRINCIPALS_DROP calls, you may start to see the light ;-). But > you can use the XPCOM interfaces to caps and dom and not even have to > worry -- just have faith! ;-) that's a possibility... but I really want to understand what is going on! This is what I believe is going on between spidermonkey and the dom, please correct me where I am wrong (I assume that will be alot...): The dom will first initialize a runtime, the global object and the standard ecma objects (date,boolean etc). But when are all the dom objects initialized in spiderMonkey as JSObjects and XPCWrappedNative's? Does this happen in the initialization process or when a script tries to access a property that has not been initialized as a JSObject? As far as I have understood this, all dom objects will be registered as JSObjects and XPCWrappedNative objects in spidermonkey, with callbacks back to the DOM. I can see that the Principals are used in the DOM, but I cannot see where the principals are used in spidermonkey... Maybe it's just me, but I have been looking at that for weeks... And once again, thanks for all the help Brendan. Oystein .