I believe Flash does not use the JS API directly. Rather it uses
NPRuntime (the new scriptable plugin API we started in 2004 with other
browser vendors and plugin providers, to avoid ActiveX) or possibly
javascript: URL injection.

The way to propose this is to mail [email protected] about it
-- that's the list we started in 2004 for discussing new APIs such as
NPRuntime. Google Chrome folks are already active there, along with
Adobe, Apple, Microsoft, Opera, and other plugin vendors I'm
forgetting at the moment.

/be

On Dec 1, 2009, at 4:43 PM, Mike Stay wrote:

Hi, Mr. Eich. I'm on the Caja team here at Google; I'm pretty sure
you're familiar with our goals and our approach through discussions
with Mark Miller. We've pretty much succeeded in virtualizing
JavaScript within web pages; the one place we're failing is with
Flash's interaction with the page via the ExternalInterface class.

At the moment, a page author has only an on/off switch--a Flash
program can either control the page completely or not at all--while
the Flash author has fine-grained control, since he can specify
exactly which ActionScript methods JavaScript code in the page is
allowed to call. We'd like to make the situation more symmetric; we'd
like to be able to specify exactly which JavaScript functions are
visible to the ActionScript code. We've made a proposal to Adobe that
would allow us to do that.

However, it was pointed out to me that it's really not Adobe's
responsibility to protect the page's interests; if we think of the
list of allowed functions as a security policy for a firewall, Adobe
is properly running its own, while the browser has none. I assume
that the Flash player is doing something like

    JS_EvaluateScript(cx, global, script, strlen(script),
                      filename, lineno, &rval);

The JS_EvaluateScript function is effectively granting Flash code the
authority to execute the "eval" function. However, if this function
*literally* invoked "eval" on the provided script, then a page author
could rebind that symbol to a less powerful definition, constraining
the authority of Flash code to cause changes to the page.

Would you support such a change to the way Mozilla interacts with
plugins?

--
Mike Stay - [email protected]
http://math.ucr.edu/~mike
http://reperiendi.wordpress.com
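
The rebinding idea from the quoted message, as an added JavaScript sketch that is not code from either correspondent or from Mozilla. `pluginBridgeEvaluate` is a hypothetical stand-in for a browser that evaluates plugin script through the page's current `eval` binding; `makeRestrictedEval`, `buildPage`, `tryEvaluate` and `reportScore` are constructed names, and the page object is a constructed sample.

```javascript
// Hypothetical model: the browser evaluates plugin-supplied script by calling
// whatever `eval` is currently bound on the page's global object.
function pluginBridgeEvaluate(pageGlobal, script) {
  return pageGlobal.eval(script);
}

// Page-side policy: a replacement `eval` that accepts only one call of the
// form  name(<JSON literal arguments>)  to a function on the allowlist.
function makeRestrictedEval(allowed) {
  // A Map avoids matching inherited names such as "toString" or "constructor".
  const table = new Map(Object.entries(allowed));
  const callShape = /^\s*([A-Za-z_$][\w$]*)\s*\(([\s\S]*)\)\s*;?\s*$/;
  return function restrictedEval(script) {
    const m = callShape.exec(String(script));
    if (!m) throw new Error("policy: not a simple call");
    const [, name, rawArgs] = m;
    if (!table.has(name)) throw new Error("policy: " + name + " is not exposed");
    let args;
    try {
      // Arguments are parsed as data and never evaluated as code.
      args = JSON.parse("[" + rawArgs + "]");
    } catch (e) {
      throw new Error("policy: arguments must be JSON literals");
    }
    return table.get(name).apply(undefined, args);
  };
}

// Constructed page: exposes reportScore to the plugin and nothing else.
function buildPage() {
  const page = { title: "original", log: [] };
  page.eval = makeRestrictedEval({
    reportScore: (player, score) => {
      page.log.push(player + ":" + score);
      return page.log.length;
    },
  });
  return page;
}

// Runs one plugin-supplied script against the page and reports the outcome.
function tryEvaluate(page, script) {
  try {
    return { ok: true, value: pluginBridgeEvaluate(page, script) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```
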