[Project_owners] XPCNativeWrapper and nsIDOMNSHTMLDocument object

Neil neil at parkwaycc.co.uk
Tue Aug 2 11:15:35 EDT 2005

Didier Ernotte wrote:

>It seems that the security model has been changed and it's much more complicated now.
Well, the first consideration is are you going to allow javascript from 
arbitrary websites to run in your browser, or in any browser that you 
intend to access? If not, then you don't need to use wrappers.
If you do think you need to use wrappers, then there are several 
varieties floating around.
The Gecko 1.7 branch has no built-in wrappers but Mozilla 1.7.x and 
Firefox 1.0.x provide XPCNativeWrapper.js which allows you to wrap named 
properties and methods.
The Gecko trunk has a built-in XPCNativeWrapper which operates in two 
modes: a backwards-compatible mode with named properties, and a mode in 
which all properties are wrapped. You use new 
XPCNativeWrapper(untrustedDocument) for the latter mode.
The Gecko trunk also has a system whereby all untrusted documents can be 
automatically wrapped; this is invoked by a suitable declaration in your 
extension manifest.
However, there used to be a number of properties that you couldn't set 
on an XPC native wrapper, such as window.location; this was only fixed 
recently (bug 296967) so you would have to use a nightly build if that 
is your problem.

More information about the Project_owners mailing list