Hi, I'm wondering if anybody could provide pointers to documentation, or insight, about FF's security model.
Specifically, I'm being faced with the problem in which JS code running in a sandbox calls a JS function defined by extension/chrome code, but FF's security manager appears to apply the security policy that governs the subject of the sandbox. In the specific case, a call to XPath's evaluate function fails with a security error because the document being operated one was retrieved from a different origin that the origin associated with the sandbox. My question: does Firefox's JS have something similar to AccessController.doPrivileged() [1] that would allow trusted chrome code to assert its privileges when being called from untrusted sandbox code? If not, how is it possible to provide controlled access to functionality that requires the system principal to untrusted code? Thanks, - Godmar [1] http://java.sun.com/j2se/1.4.2/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction) _______________________________________________ Project_owners mailing list [email protected] https://www.mozdev.org/mailman/listinfo/project_owners
