Components.utils.waiveXrays 编辑

Waives Xray vision for an object, giving the caller a transparent wrapper to the underlying object.

When privileged JavaScript in Gecko accesses objects belonging to less-privileged code (such as untrusted web content), it does so, by default, with "Xray vision": a mechanism that filters out certain changes to the objects that could cause them to behave in unexpected ways. For example, privileged code using an Xray to a DOM object sees only  the original, native version of the DOM object. Any expando properties are not visible, and if any native properties have been redefined, this has no effect.

Xray vision is designed to make most simple operations safe. However, in some cases it can be too restrictive: for example, if you need to see an expando property on a DOM object. In these cases you can use waiveXrays to remove Xray vision for the object.

Waiving Xrays is transitive, so waiving it for an object automatically waives it for any properties of that object (and their properties, and so on).

If you waive Xray vision, you can no longer trust that any of the object's properties are what you expect: any of them, including prototypes and accessors, could have been redefined by the less-privileged code.

To undo waiveXrays and get Xray vision back, call Components.utils.unwaiveXrays on the object.

The result of waiveXrays is just like the wrappedJSObject property for Xrayed objects, but it's more useful because you can call it on primitives or objects that aren't Xrays, in which case it just returns the argument you passed in. This means you don't have to care whether the initial object is an Xray or not.

Syntax

waived = Components.utils.waiveXrays(obj);

Parameters

obj
The object for which we wish to waive Xrays.

Returns

If the argument obj is an Xray, this function returns a wrapper that transitively waives Xray behavior on the underlying object and anything that comes off the object. If obj is not an Xray, this function just returns obj.

Example

Suppose a page script adds an expando to its global window:

// page script

foo = "I'm an expando";

By default, chrome code won't see foo, because it sees the content window with Xray vision, but the chrome code can waive Xray protection:

// chrome code

// contentWindow is an Xray
var isXray = Components.utils.isXrayWrapper(gBrowser.contentWindow);  // true

// expandos are not visible in Xrays
var foo = gBrowser.contentWindow.foo;                                 // undefined

// you can waive Xray vision for an object
var waived = Components.utils.waiveXrays(gBrowser.contentWindow);
isXray = Components.utils.isXrayWrapper(waived);                      // false
foo = waived.foo;                                                     // "I'm an expando"

// waiving is transitive
isXray = Components.utils.isXrayWrapper(waived.document);             // false

 

See also

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:81 次

字数:4148

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文