[Project_owners] Storing configuration

Nickolay Ponomarev asqueella at gmail.com
Sat Jul 15 16:54:56 EDT 2006


On 7/15/06, Vladimír Marek <vlmarek at volny.cz> wrote:
> Hi Eric,
>
> > You can use Object.toSource() to serialize the source to a string. To
> > read the string back into objects, use eval(string);
>
> That's excellent, exactly what I was looking for! :)
>
Not that it matters much in the case of reading from the preferences,
but evalInSandbox is safer/better generally, because a simple eval()
executes the code with chrome privileges, so if the attacker can
make you eval() his string, he gains full control over the system.

Nickolay
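
An added illustration of the risk described in this message (not code from the thread or from any project discussed in it): the eval() pattern next to a loader that accepts only literals, so a hostile preference string is rejected instead of executed. It goes beyond the message by swapping in a data-only parser rather than evalInSandbox, which is only available to Mozilla chrome code. The names `privileged`, `unsafeLoad`, `safeLoad` and both sample strings are constructed for the example, and the parser covers only a subset of toSource() output (objects, arrays, double-quoted strings, plain numbers, true/false/null).

```javascript
// Stand-in (assumption) for state only privileged chrome code should reach.
const privileged = { touched: false };

// Constructed sample preference values in toSource() style.
const BENIGN = '({size:12, tags:["a", "b"], nested:{on:true, off:null}})';
const HOSTILE = '({size:12, theme:(privileged.touched = true)})';

// Vulnerable pattern from the thread: the string runs as code in our scope.
function unsafeLoad(src) { return eval(src); }

// Hardened: tokenize, then build values from literals only. Nothing is executed.
function safeLoad(src) {
  const re = /\s*(?:([{}\[\]():,])|("(?:[^"\\]|\\.)*")|(-?\d+(?:\.\d+)?)|([A-Za-z_$][\w$]*))\s*/y;
  const words = new Map([["true", true], ["false", false], ["null", null]]);
  const fail = () => { throw new SyntaxError("not a plain literal"); };
  const toks = [];
  // Any character outside the token grammar (".", "=", "+", ...) fails here.
  while (re.lastIndex < src.length) toks.push(re.exec(src) || fail());
  let i = 0;
  const eat = (p) => (toks[i] && toks[i][1] === p ? (i++, true) : false);
  function list(close, item) {
    const out = [];
    if (eat(close)) return out;
    do { out.push(item()); } while (eat(","));
    return eat(close) ? out : fail();
  }
  function entry() {
    const k = toks[i++] || fail();
    const key = k[4] || (k[2] ? JSON.parse(k[2]) : fail());
    return eat(":") ? [key, value()] : fail();
  }
  function value() {
    const t = toks[i++] || fail();
    if (t[2]) return JSON.parse(t[2]);          // string literal
    if (t[3]) return Number(t[3]);              // number literal
    if (t[4]) return words.has(t[4]) ? words.get(t[4]) : fail();
    if (t[1] === "(") { const v = value(); return eat(")") ? v : fail(); }
    if (t[1] === "[") return list("]", value);
    if (t[1] === "{") return Object.fromEntries(list("}", entry));
    return fail();
  }
  const result = value();
  return i === toks.length ? result : fail();
}
```

Calling `unsafeLoad(HOSTILE)` flips `privileged.touched`, while `safeLoad(HOSTILE)` throws a SyntaxError and leaves it untouched.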

