Hello,

Scenario: an HTML page is loaded, several script tags with JavaScript 
are included.

Today all the scripts of a document (even if the script is loaded with the 
src attribute from a different site) are put into one context somehow.


The idea: Treating single script tags separately. My idea is to tag the 
scripts (e.g. with additional html attributes) to enable a finer-grained 
access control for accessing documents via DOM trees.

The problem: Somehow I have to treat script code of different script 
tags separately. Probably I have to put them into different kinds of 
runtime contexts and have to control the access similar to the situation 
where a script tries to access cross-frame to another document.

MY problem: I do not see how to start. It seems that the whole JS engine 
is involved as well as the CAPS component.

I try to find out how it works, but there are many different functions:
In CAPS: SecurityCompareURIs, CheckSameOriginPrincipal, 
CheckSameOriginURI, CheckSameOrigin, CheckPropertyAccessImpl, 
CheckPropertyAccess, CanAccess, ...

I also do not understand the exact meaning of "JSContext" and the usage 
of "principle".

Is there any documentation I can read or is anyone here willing to give 
me some advice?

Thanks a lot!

Mel.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security