Eric H. Jung wrote:
Do you care/need to know if the data is corrupted?
No.
You should. And having the properties wrapped in accessors can help
here. I'd be tempted to reset the __proto__ property to regain you class
data to allow for this, or create a wrapper class which deals with the
details...
var data = new Object();
data.foo = 'abc';
var DataHandler = new Object();
DataHandler.getFoo = function (obj)
{
// check obj.foo
// then
return obj.foo;
}
DataHandler.setFoo = function (obj, val)
{
// check obj
// check val
// then
obj.foo = val;
}
Since all your data handling is separated from your data, you can
happily just use simple objects to store the data. You can also handle
computed properties easier, which in turn might reduce the size of
toSource().
I have a tendency to try to write full classes rather than leverage the
language. I think this is a result of dealing with too many languages,
all of which have their own tricks. In the end it just gets too confusing.
Do you care/need to know if the data is maliciously changed to include
new functions that will now run inside chrome in your extension?
No.
You should, to be fair.. Though I wonder how many people check things
like preference values in their extensions?
Pondering this, I think I'm safe purely by chance, since the only real
values I store are URIs for mail folders. Frigging about with them is
only going to result in an exception.
If you store & use, without checking, something like a web URL that's
used, for instance, with some user account info (social bookmarking,
hotmail/google, etc) then a naughty extension could switch that to a
proxy...
_______________________________________________
Project_owners mailing list
[email protected]
http://mozdev.org/mailman/listinfo/project_owners
