On Tue, Jan 19, 2010 at 2:32 PM, Rodolfo Toledo <[email protected]> wrote:

> Hello,
>
> I searched the list and I didn't find anything related to my question.
> I hope I didn't miss something obvious.
>
> What I want to do is to restrict what a cajoled script can do with a
> reference.
>
> Let's say that I want to restrict the number of windows a script can
> open. I assume that one way to accomplish this is to pass to the
> cajoled script a reference to a "window" object that counts the number
> of times "open" is invoked and somehow forbid further calls once the
> limit is reached. Is that correct?
>

That's correct.


>
> In that case, the script is unaltered because it just uses "window" as
> a free identifier and invokes "open" on it.
>
> If the above is correct, my limited knowledge of Caja internals tells
> me that this approach will work flawlessly for "flat" objects, but for
> "deep" ones it would be much more complicated. The issue is that the
> whole hierarchy of objects must be replaced to control what the script
> does. (this would be the case if the call is
> window.sub1.sub2.sub3.open).
>
> Is there a way to accomplish this more easily? Something like extending
> Caja itself to add new rules.
>

Have a look at ___.tame, ___.untame and ___.tamesTo in cajita.js. ___.tame
will recursively walk the object you provide and return a tamed
representation of it. Use ___.markInnocent, ___.grantInnocentMethod,
___.grantRead etc. to grant access to particular objects and these will be
available on the tamed representation. You can use ___.tamesTo to attenuate
the tamed behavior of a particular function (like open in your example
above).

For example, if you wanted to attenuate window.sub1.sub2.sub3.open, you'd
need to do:

___.tamesTo(foo.sub1.sub2.sub3.open, ___.markFuncFreeze(function () {
    // ...attenuation here...
    var realResult = foo.sub1.sub2.sub3.open();
    // ...more attenuation here...
    return ___.tame(realResult);
  }));

___.grantRead(foo, 'sub1');
___.grantRead(foo.sub1, 'sub2');  // only needed if sub1 is not a record
___.grantRead(foo.sub1.sub2, 'sub3');  // only needed if sub2 is not a record

imports.outers.sub1 = ___.tame(window.sub1);


> Sorry if the questions are too basic.
>
> Thanks in advance.
> Rodolfo Toledo.
>
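
An added example, not part of the original thread and not Caja code: the counting attenuation discussed above, written in plain JavaScript without the Caja runtime. `limitCalls`, `attenuatePath` and the fake `window` stand-in are hypothetical names, and the sketch shows only the wrapper pattern for a deep path, not Caja's isolation of the guest script.

```javascript
'use strict';

// Wrap fn so it runs at most `limit` times; the counter lives in a closure
// the guest script cannot reach. Frozen, in the spirit of markFuncFreeze.
function limitCalls(fn, thisArg, limit) {
  let used = 0;
  return Object.freeze(function (...args) {
    if (used >= limit) { throw new Error('call limit reached'); }
    used += 1;
    return fn.apply(thisArg, args);
  });
}

// Build a frozen facade exposing only the properties named in `path`
// (default deny); the last one is replaced by what `attenuate` returns.
function attenuatePath(root, path, attenuate) {
  const [head, ...rest] = path;
  const facade = Object.create(null);
  facade[head] = rest.length === 0
    ? attenuate(root[head], root)
    : attenuatePath(root[head], rest, attenuate);
  return Object.freeze(facade);
}

// Constructed stand-in for the host object, so this runs without a browser.
function makeFakeWindow() {
  const opened = [];
  const sub3 = { open(url) { opened.push(url); return 'handle:' + url; } };
  return { opened, sub1: { other: 'not granted', sub2: { sub3 } } };
}

function demo() {
  const host = makeFakeWindow();
  const tamed = attenuatePath(host, ['sub1', 'sub2', 'sub3', 'open'],
    (fn, owner) => limitCalls(fn, owner, 2));
  const results = [];
  for (const url of ['a.html', 'b.html', 'c.html']) {
    try {
      results.push(tamed.sub1.sub2.sub3.open(url));
    } catch (e) {
      results.push('denied');
    }
  }
  return { results, opened: host.opened, leaked: 'other' in tamed.sub1 };
}

console.log(demo());
```

Only the facade is handed to the guest; properties not on the granted path, such as `sub1.other` here, are simply absent from it.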
