Thanks!

On Tue, Dec 1, 2009 at 4:55 PM, Brendan Eich <[email protected]> wrote:
> I believe Flash does not use the JS API directly. Rather it
> uses NPRuntime (the new scriptable plugin API we started in 2004 with other
> browser vendors and plugin providers, to avoid ActiveX) or possibly
> javascript: URL injection.
> The way to propose this is to mail [email protected] about it --
> that's the list we started in 2004 for discussing new APIs such as
> NPRuntime. Google Chrome folks are already active there, along with Adobe,
> Apple, Microsoft, Opera, and other plugin vendors I'm forgetting at the
> moment.
> /be
>
>
> On Dec 1, 2009, at 4:43 PM, Mike Stay wrote:
>
> Hi, Mr. Eich. I'm on the Caja team here at Google; I'm pretty sure
> you're familiar with our goals and our approach through discussions
> with Mark Miller. We've pretty much succeeded in virtualizing
> JavaScript within web pages; the one place we're failing is with
> Flash's interaction with the page via the ExternalInterface class.
>
> At the moment, a page author has only an on/off switch--a Flash
> program can either control the page completely or not at all--while
> the Flash author has fine-grained control, since he can specify
> exactly which ActionScript methods JavaScript code in the page is
> allowed to call. We'd like to make the situation more symmetric; we'd
> like to be able to specify exactly which JavaScript functions are
> visible to the ActionScript code. We've made a proposal to Adobe that
> would allow us to do that.
>
> However, it was pointed out to me that it's really not Adobe's
> responsibility to protect the page's interests; if we think of the
> list of allowed functions as a security policy for a firewall, Adobe
> is properly running its own, while the browser has none. I assume
> that the Flash player is doing something like
>     JS_EvaluateScript(cx, global, script, strlen(script),
>                       filename, lineno, &rval);
> The JS_EvaluateScript function is effectively granting Flash code the
> authority to execute the "eval" function. However, if this function
> *literally* invoked "eval" on the provided script, then a page author
> could rebind that symbol to a less powerful definition, constraining
> the authority of Flash code to cause changes to the page.
>
> Would you support such a change to the way Mozilla interacts with plugins?
> --
> Mike Stay - [email protected]
> http://math.ucr.edu/~mike
> http://reperiendi.wordpress.com
>
>

--
Mike Stay - [email protected]
http://math.ucr.edu/~mike
http://reperiendi.wordpress.com
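
The "less powerful definition" of eval that the quoted proposal describes, sketched as an added example; it is not code from this thread, from Caja, Mozilla or Adobe. The names `makeRestrictedEval`, `tryScript`, `setTitle` and the `page` object are assumptions made for illustration, as is the premise that the host would route a plugin's script through a page-supplied function.

```javascript
// Added example: hypothetical page-side policy, not code from the thread.
// If a plugin's script were routed through the page's own binding instead of
// the engine's evaluator, the page could supply a function like this one.
function makeRestrictedEval(allowed) {
  // Null-prototype table so names like "constructor" never resolve.
  const table = Object.assign(Object.create(null), allowed);
  // Accept exactly one shape: identifier(JSON arguments), optional semicolon.
  const CALL = /^\s*([A-Za-z_$][\w$]*)\s*\(([\s\S]*)\)\s*;?\s*$/;
  return function restrictedEval(script) {
    const m = CALL.exec(String(script));
    if (!m) throw new Error("policy: only a single function call is allowed");
    const [, name, rawArgs] = m;
    const fn = table[name];
    if (typeof fn !== "function") {
      throw new Error("policy: " + name + " is not exposed");
    }
    let args;
    try {
      // Arguments are parsed as data and never evaluated as code.
      args = JSON.parse("[" + rawArgs + "]");
    } catch (e) {
      throw new Error("policy: arguments must be JSON literals");
    }
    return fn.apply(undefined, args);
  };
}

// Constructed page state and allowlist for the demonstration.
const page = { title: "inbox", cookie: "session=constructed" };
const restrictedEval = makeRestrictedEval({
  setTitle(t) { page.title = String(t); return page.title; },
});

// Run one script under the policy and report the outcome.
function tryScript(script) {
  try {
    return { ok: true, value: restrictedEval(script) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

console.log(tryScript('setTitle("movie loaded")'));
console.log(tryScript("document.cookie"));
console.log(tryScript("setTitle(page.cookie)"));
```

The allowlist plays the role of the page-side "firewall" policy from the message: only the functions the page author lists are reachable, and everything else is refused before any code runs.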
