On Mon, Jan 5, 2009 at 9:07 AM, Ondrej Zara <[email protected]> wrote:
> Aha, that sounds reasonable. However, this solution also introduces
> the concept of "forbidden" global object, which previously sounded
> strange to me. Now this makes a lot more sense. On the other hand, one
> cannot effectively load any JS "libraries" which introduce new classes
> (say MySQL, HTTP, ...), because these are created as properties of
> global object, ok? So any javascript code needs to be run inside an
> anonymous function:
There are two phases of execution. I will refer to them as Load and
HandleRequest. V8::Script::Run is the load phase. I allow setting of
globals in this phase. However no request specific data is available.
At a minimum in the load phase a HandleRequest global function must
be defined. Then in the HandleRequest phase, global assignments are
prohibited and request specific data is supplied. The mechanism used
may not be comprehensive but it does prevent casual abuse. This is
the interceptor:
bool ProhibitGlobalAssignment;
static Handle<Value> ProhitbitGlobalSet(
Local<String> name,
Local<Value> value, const AccessorInfo& ai)
{
if(ProhibitGlobalAssignment)
return ThrowException(String::New("Assignment Prohibited"));
// return empty handle to allow the op to complete
return Handle<Value>();
}
> Okay. However, note that I do not seek a final and polished solution -
> just some ideas and working concepts (with FCGI included, as I was not
> brave enought to dive into it!) :)
If I get some free time I will put something together. I cannot
promise anything right now.
--
Bryan White
--~--~---------~--~----~------------~-------~--~----~
v8-users mailing list
[email protected]
http://groups.google.com/group/v8-users
-~----------~----~----~----~------~----~------~--~---
