(reworded some things in philosophy section) |
(→Capability Factories: minor rewordings) |
(2 intermediate revisions by the same user not shown) | |||
Line 21: | Line 21: | ||
In the context of this document, a ''jetpack'' is a collection of code and metadata about the code. The code, if executed, is run in a sandbox in accordance with the principle of least authority. | In the context of this document, a ''jetpack'' is a collection of code and metadata about the code. The code, if executed, is run in a sandbox in accordance with the principle of least authority. | ||
A ''capability'' is an object in a JavaScript sandbox that endows code with the ability to do something it is incapable of doing | A ''capability'' is an object in a JavaScript sandbox that endows code with the ability to do something it is otherwise incapable of doing: e.g. accessing a file, the network, a user password, and so forth. | ||
The jetpack's metadata is called a ''manifest'' and can be expressed as a JSON object. It has the following keys: | The jetpack's metadata is called a ''manifest'' and can be expressed as a JSON object. It has the following keys: | ||
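Review bot: In the reworded capability definition, the colon followed by "e.g." and closed with "and so forth" is open-ended twice over; suggest "...otherwise incapable of doing, such as accessing a file, the network, or a user password." Adding "otherwise" fixes the old sentence's contradiction, but the definition still never states the baseline. Since the preceding sentence invokes the principle of least authority, consider saying explicitly that sandboxed code has none of these abilities unless a capability grants them.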
Line 35: | Line 35: | ||
# creating a capability object which is accessible from a jetpack sandbox, optionally attenuated as per certain parameters expressed as a JSON object, and | # creating a capability object which is accessible from a jetpack sandbox, optionally attenuated as per certain parameters expressed as a JSON object, and | ||
# describing what the capability does in terms that a reasonably technical end-user can understand. | # describing what the capability does in terms that a reasonably technical end-user can understand. | ||
Following are the methods any capability factory must implement. | |||
<tt>'''describe'''(''params'')</tt> | |||
Return a string describing what the capability provides, possibly attenuated as per the given optional JSON object parameter. This string may be shown to technical reviewers or adventurous end-users who obtain an add-on from an untrusted site, and can be used to help someone subjectively determine how much risk an addon presents to their system. | |||
If the value of ''params'' is invalid for some reason, this method should return <tt>null</tt>. | |||
<tt>'''create'''(''params'')</tt> | |||
Create and return a capability attenuated as per the given optional JSON object parameter. | |||
For security purposes, any non-primitive, non-function object returned directly or indirectly by <tt>create()</tt> should contain metadata that contains an <tt>__exposedProps__</tt> property as defined by the [[XPConnect Chrome Object Wrapper#COWing_Objects|Chrome Object Wrapper]] specification. Otherwise, an exception will be thrown. | |||
If the value of ''params'' is invalid for some reason, this method should return <tt>null</tt>. | |||
== Usage == | == Usage == |
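Review bot: In the create(params) paragraph, "should contain metadata that contains an __exposedProps__ property" is followed by "Otherwise, an exception will be thrown", so the requirement is mandatory and should read "must"; "contain metadata that contains" can be tightened to "carry an __exposedProps__ property" in the same edit. The invalid-params rule has the same weakness in both describe() and create(): "should return null" leaves room for a factory to hand back a partially attenuated capability, so make it "must return null" and state that the caller must not expose a null result to the sandbox. The method descriptions appear on only one side of this hunk, which the "minor rewordings" summary does not explain; if they are being moved rather than dropped, say where the contract now lives.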