Subj : Re: [SpiderMonkey]Export/import statements bug in new release of To : netscape.public.mozilla.jseng From : David Date : Fri Jul 09 2004 02:04 pm Brendan Eich wrote: > David wrote: > >> Hello, >> >> I found a bug in the new javascript 1.5 version of SpiderMonkey. If >> you try to use the export/import statements (which are very usefull if >> you using security scripts in dynamic page generation context), the >> new version of mozilla (1.7) does not reconize anymore thoses >> statements whereas the version 1.6 does. >> >> I saw in http://lxr.mozilla.org/mozilla/source/js/src/jsconfig.h#457 >> that this functionnality seems to be desactivated in new 1.5 >> javascript version, is this normal ? > > > > Argh. I turned off this support via the jsconfig.h macro to save code > footprint. I didn't know people still used it. > Well, as long as programs developed in XUL were still located in the chrome directory and relatively "static", that kind of functionality wasn't required I think. But if like us people want to do the "more remote" xul application as possible, this would be required. For example, in XUL file you can define a link to a DTD that contains the different translations of the label, menu, etc... of the application. But this only works if the application relies in the chrome directory. In remote XUL file, you need to include dynamically the content of the DTD at the beginning of the XUL file. This could be easyly done by a servlet or a jsp page, but if you do that the XUL page can't be signed, and the secure javascript doesn't work anymore... > >> Is there a another way to call a signed javascript function in a >> non-signed html page ? > > > > In 1.6, did signed scripts work for you? That is, could they enable > privileges and so on, and do whatever they did that worked in Netscape 4.x? > Indeed we could't really test it on 1.6 because remote signed script were killing Mozilla. We just tested import/export with non-signed script on HTML pages, and it worked fine. In fact due to the 1.6's bug on signed scripts we passed to 1.7. With that version, the remote signed-scripts were working, but not the import/export functionnality... [...] > >> I've signal a bug http://bugzilla.mozilla.org/show_bug.cgi?id=249211 >> at the end of last month, but I haven't got any reply for the moment... > > > > I'll comment there now. > > >> For thoses who are interested in writing signed Javascript functions : >> http://developer.netscape.com/docs/manuals/communicator/jssec/contents.html >> >> >> Please help, we are stuck with this problem since 2 weeks. > > > > I can get you a fix for 1.7.x with a little help from my driver friends. > > /be That would be great, thanks a lot. Bye. David .