Using win.wrappedJSObject

From FirebugWiki

Revision as of 04:44, 17 October 2010 by Johnjbarton (Talk | contribs)

To access the value of a Web page variable in Firefox you can use |wrappedJSObject|. For example, to get the value the Web page sees as |window.a|, use |win.wrappedJSObject.a|, where |win| is the Web page's nsIDOMWindow (given by context.window in Firebug).

Any object obtained via |wrappedJSObject| is a live Web page object. Hackers can try to use Firebug's access to these objects to attack users, so you need to take care to limit how you use |wrappedJSObject|.

Here are some guidelines from Boris Zbarsky on the moz.dev.platform newsgroup. In these guidelines, a content object is a property of the Web page:

1) You can read properties from content objects, and the act of reading them is safe. The result also satisfies this property.

2) You can safely set properties on content objects to primitive values.

3) You can safely set properties on content objects to object values, modulo rule 5. All objects/functions reachable via the object value would be visible to content, I think.

4) You don't want to pass anything coming from content to any place that treats strings as JS source.

5) You don't want to allow content to directly call chrome-privilege functions unless they have been _very_ carefully vetted and you understand completely all places that content-controlled data can reach via those functions.

Among the things that one might like to do in chrome-privilege functions called by content:
> 1) read content objects,
> 2) assign content objects to content objects,
> 3) call DOM platform methods and pass content objects.

Mostly yes, though if you violate same-origin restrictions in #3 there (which you can do, as chrome) you can lose.

> 4) assign strings obtained from content objects to chrome object properties

If you're guaranteed that they're strings, and if you're careful about what you do with those chrome object properties, yes.

> 5) assign strings obtained from chrome objects to content objects

Yes.

> 6) avoid passing content objects into chrome functions unless you can ensure that you don't violate the rest of the guidelines.
> 7) beware that chrome functions can close over chrome objects.

Yes.

You can also make network requests or read the filesystem and combine resulting strings with strings you get from content....
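
An added example, not part of the wiki page or of Firebug's code: one way to apply the "guaranteed that they're strings" condition and guideline 4 when reading from |win.wrappedJSObject|. The window objects are constructed stand-ins so that it runs outside Firefox, and the helper names (readContentString, readContentJSON, recordTitle) are hypothetical.

```javascript
// Added example. In Firebug, `win` would be context.window; here it is a
// constructed mock exposing the same .wrappedJSObject shape.

// "If you're guaranteed that they're strings": accept only primitive strings.
// An object with a custom toString() is rejected rather than coerced, so no
// content-defined function runs as a side effect of chrome using the value.
function readContentString(win, name) {
  const value = win.wrappedJSObject[name];
  return typeof value === "string" ? value : null;
}

// Guideline 4: content-supplied text is parsed as data, never handed to
// eval(), Function() or a string-argument setTimeout().
function readContentJSON(win, name) {
  const text = readContentString(win, name);
  if (text === null) return null;
  try {
    return JSON.parse(text);
  } catch (e) {
    return null; // not valid JSON: treat as absent
  }
}

// Copy a content value into a chrome-side record (hypothetical structure).
function recordTitle(win, chromeRecord) {
  const title = readContentString(win, "pageTitle");
  chromeRecord.title = title === null ? "(unavailable)" : title;
  return chromeRecord;
}

// --- constructed sample pages ---
let sideEffects = 0;
const honestWin = {
  wrappedJSObject: { pageTitle: "Inbox", config: '{"debug":true}' },
};
const hostileWin = {
  wrappedJSObject: {
    // Object posing as a string; toString would run if chrome coerced it.
    pageTitle: { toString() { sideEffects++; return "Inbox"; } },
    // JS source posing as data; eval() would run it, JSON.parse rejects it.
    config: "(function(){ return 1 })()",
  },
};
function getSideEffects() { return sideEffects; }
```
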
