Re: libseed-list Seed constrained context
- From: Alexandre Mazari <amazari igalia com>
- To: Tim Horton <tim hortont com>
- Cc: libseed-list gnome org
- Subject: Re: libseed-list Seed constrained context
- Date: Fri, 25 Mar 2011 10:27:39 +0100
Hi Tim !
> Bugzilla is down, so I'm sending you an email instead
Yeah makes life harder. Need our daily bugs fix.
>
> isn't this functionality more or less what Seed's built-in Sandbox
> module does?
>From what I understand, and please correct me if I am wrong, both are
related to security and isolation but they are orthogonal IMHO.
The proposed patch allow the creation of an empty engine/context where
the developer from C. This context disallow the js code of importing
arbitrary namespace, object, script or module.
The context is *selectively* filled by the C developer of *choosen*
namespaces and objects.
The main use-case is an application executing arbitrary JS code (coming
from the web for example). Obviously, you dont want this code to import
Gio and play with your filesystem.
On the other hand, the Sandbox module's provides a mean to create
isolated context from within JS.
>From what I gather from the source, the sandboxed context is filled with
the builtins and the import system.
Also the module API is not public (in C).
I do think both solutions answer to different problems, and each has its
place in Seed.
Thanks,
Alexandre
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]