874
edits
Labs/Jetpack/JEP/37: Difference between revisions
→Capability Factories: added more docs on api
m (minor rewording) |
(→Capability Factories: added more docs on api) |
||
| Line 35: | Line 35: | ||
# creating a capability object which is accessible from a jetpack sandbox, optionally attenuated as per certain parameters expressed as a JSON object, and | # creating a capability object which is accessible from a jetpack sandbox, optionally attenuated as per certain parameters expressed as a JSON object, and | ||
# describing what the capability does in terms that a reasonably technical end-user can understand. | # describing what the capability does in terms that a reasonably technical end-user can understand. | ||
Following are the methods any capability factory must implement. | |||
<tt>'''describe'''(''params'')</tt> | |||
Return a string describing what the capability provides, possibly attenuated as per the given optional JSON object parameter. This string may be shown to technical reviewers or adventurous end-users who obtain an add-on from an untrusted site, and can be used to help someone subjectively determine how much risk an addon presents to their system. | |||
If the value of ''params'' is invalid for some reason, this method should return <tt>null</tt>. | |||
<tt>'''create'''(''params'')</tt> | |||
Create and return a capability attenuated as per the given optional JSON object parameter. | |||
For security purposes, any non-primitive, non-function object returned directly or indirectly by <tt>create()</tt> should contain metadata that contains an <tt>__exposedProps__</tt> property as defined in [[XPConnect Chrome Object Wrapper]]. Otherwise, an exception will be thrown. | |||
If the value of ''params'' is invalid for some reason, this method should return <tt>null</tt>. | |||
== Usage == | == Usage == | ||