Using win.wrappedJSObject
From FirebugWiki
Johnjbarton (Talk | contribs) (Created page with 'To access the values of a Web page variable in Firefox you can use |wrappeddJSObject|. So to get the value seen in the Web page as |window.a|, use |win.wrappedJSObject.a| where |…')
Revision as of 04:54, 17 October 2010
To access the value of a Web page variable in Firefox you can use |wrappedJSObject|. So to get the value seen in the Web page as |window.a|, use |win.wrappedJSObject.a|, where |win| is the Web page's nsIDOMWindow (given by context.window in Firebug).
Any object obtained via |wrappedJSObject| is a live Web page object. Hackers can try to use Firebug's access to these objects to attack users. Therefore you need to take care to limit how you use |wrappedJSObject|.
Here are some guidelines from Boris Zbarsky on the moz.dev.platform newsgroup (http://groups.google.com/group/mozilla.dev.platform/browse_thread/thread/8d8470bce0d5b80f/9ec34b4fe93f24bb). (Here a content object means the properties of the Web page.)
Accessing Content Object In Chrome Privileged Scripts
1. You can read properties from content objects, and the act of reading them is safe. The result also satisfies this property.
2. You can safely set properties on content objects to primitive values.
3. You can safely set properties on content objects to object values, modulo rule 5. All objects/functions reachable via the object value would be visible to content, I think.
4. You don't want to pass anything coming from content to any place that treats strings as JS source. Examples: eval(), setTimeout(), any DOM element attribute that might be interpreted as a handler.
5. You don't want to allow content to directly call chrome-privilege functions unless they have been _very_ carefully vetted and you understand completely all places that content-controlled data can reach via those functions.
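Rule 4 in practice, as an added example that is not from the wiki page or from Firebug's code. |makeContentWindow| is a constructed stand-in for a page window so the snippet runs outside Firefox, all helper names are hypothetical, and accepting only primitive values in |safeRead| is a conservative choice of this example.

```javascript
// Constructed stand-in for a Web page window so this runs outside Firefox.
// In Firebug, win would be context.window; the page controls everything
// reachable through win.wrappedJSObject.
function makeContentWindow(a) {
  return { wrappedJSObject: { a: a } };
}

// Rule 4 violated: the page's string is handed to eval() as JS source.
// Direct eval sees chromeState, so page-supplied text can reach chrome data.
function unsafeEvaluate(win, chromeState) {
  return eval("(" + win.wrappedJSObject.a + ")");
}

// Rule 4 respected: the value is read and kept as data only.
// Objects and functions are reported by type, never converted or called.
function safeRead(win) {
  const value = win.wrappedJSObject.a;
  const t = typeof value;
  if (t === "string" || t === "number" || t === "boolean") {
    return { ok: true, text: String(value) };
  }
  return { ok: false, text: "[" + t + "]" };
}

// When the page exposes structured data as a string, JSON.parse treats it
// strictly as data; anything that is not JSON is rejected, not executed.
function safeParse(win) {
  const read = safeRead(win);
  if (!read.ok) return null;
  try {
    return JSON.parse(read.text);
  } catch (e) {
    return null;
  }
}

// Constructed sample values for window.a.
const benign = makeContentWindow('{"n": 1}');
const hostile = makeContentWindow("chromeState.touched = true");

function demo() {
  const chromeState = { touched: false };
  const parsed = safeParse(hostile);      // not JSON, so nothing runs
  const before = chromeState.touched;     // chrome data untouched so far
  unsafeEvaluate(hostile, chromeState);   // page text runs as chrome code
  return { parsed, before, after: chromeState.touched };
}
```

The same page-supplied string leaves chrome state alone when it is read or parsed as data, and changes it only on the path that treats it as source.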
Running Chrome Scripts in Content Objects
Among the things that one might like to do in chrome-privilege functions called by content:
- read content objects,
- assign content objects to content objects,
- call DOM platform methods and pass content objects (but don't violate same-origin restrictions),
- assign strings obtained from content objects to chrome object properties (Beware of rule 4 from the previous section!)
- assign strings obtained from chrome objects to content objects
- avoid passing content objects into chrome functions unless you can ensure that you don't violate the rest of the guidelines.
- beware that chrome functions can close over chrome objects.
You can also make network requests or read the filesystem and combine resulting strings with strings you get from content....