Boris Zbarsky ha escrito: > Mitchi wrote: > >> You missed timeless' point. His point was that your component can attach > >> hooks > >> to the global JS object allowing untrusted content to call into your > >> component > >> and only your component. That's what XMLHttpRequest does. > > > > I don't catch what you're trying to tell, I'm sorry. Could you explain > > it more? > > var http = new XMLHttpRequest(); > > When you do that, a constructor function is called. This constructor function > is attached to the global object by the XMLHttpRequest component. This allows > construction of an XMLHttpRequest object without needing access to > Components.classes or knowing its contract id. > > Same this for DOMParser, DOMSerializer. >
Ok. I get it. > >>> The problem is that XPCOM is a very powerful way to let developers > >>> extend mozilla's functionality, but the strictness of the access method > >>> makes it completely unusable. > >> It's not really designed for use from web pages, yeah. > > > > Ok, so there never will be a way to extend the javascript > > functionality, right? > > All I said is that right now you have to extend by attaching > constructors/getters to the global object instead of just allowing web pages > to > instantiate you by contract. > Oh! Thank The Holy Flying Spaghetti Monster!!!! So there's a way to access my component from javascript without needing a signed script? Oh, fuck! I feel completely stupid now, man! Now that we have used a different and less elegant solution... this is not documented in mozilla developers, right? My boss has just told me to follow this thread and try to solve the problem with a component. I've been looking for info and I just found another message where you recommended to see how it's done with the code of XMLHttpRequest in the files nsXMLExtrasModule.cpp and nsXMLHttpRequest.cpp. There isn't anymore documentation, right? If you could give me some more information about this, please, do it. Finally I really must thank you for your help. I felt completely frustrated with the idea that there wasn't a solution, and you have opened a new door to keep on working. I am truly sorry if you were annoyed for my previous messages and the ignorance I showed there. Thank you. > -Boris _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
