[Project_owners] Storing configuration

Nickolay Ponomarev asqueella at gmail.com
Sat Jul 15 16:54:56 EDT 2006

On 7/15/06, Vladimír Marek <vlmarek at volny.cz> wrote:
> Hi Eric,
> > You can use Object.toSource() to serialize the source to a string. To
> > read the string back into objects, use eval(string);
> That's excellent, exactly what I was looking for ! :)
Not that it matters much in the case of reading from the preferences,
but evalInSandbox is safer/better generally, because a simple eval()
executes the code with the chrome privileges, so if the attacker can
make you eval() his string, he gains full control over the system.


More information about the Project_owners mailing list