Manuel Reimer wrote: > My extension is running inside SeaMonkey 1.1.9, which should be "like > Firefox 1.5.x".
Not for purposes of automated XPCNativeWrapper, because the extension system is completely different. See <http://users.skynet.be/fa258499/hackexttutorial.html#note4> > A second test at least showed that the replacement function of alert > seems to get called unprivileged and so wouldn't be dangerous. It can be made dangerous with a bit of effort on the part of the page. > So my question is: What do I have to do to be able to *easily* and > *securely* access untrusted content? I think you can just set chrome:xpcNativeWrappers="yes" on your RDF:Description in your contents.rdf... > I *don't* want to call XPCNativeWrappers over and over again for any property > and any function > I need! Why is there no "recursive XPCNativeWrappers" function which > just returns a fully secured object. There is, as it happens, in the case (not recommended) that you decide to not use automatic XPCNativeWrappers. I thought I'd documented it pretty thoroughly at http://developer.mozilla.org/en/docs/XPCNativeWrapper#Deep_vs._Shallow and http://developer.mozilla.org/en/docs/XPCNativeWrapper#XPCNativeWrapper_constructor_call_with_no_string_arguments but I would welcome feedback on making the documentation clearer.... Hope that helps, Boris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
