How to ensure that your script runs first in a webpage

David Bruant bruant.d at gmail.com
Sat Feb 4 03:48:35 PST 2012


Le 04/02/2012 04:42, Mark S. Miller a écrit :
> > Considering the 2-argument eval example from above, you could define a
>
>     > 'document' property is the second argument and this document
>     (what the
>     > eval code gets when it asks for the "document" variable) could be an
>     > emulation of an HTMLDocument, but forward all (relevant) calls
>     > (appendChild...) to a given element you've chosen.
>     >
>     > It seems it could be easily implemented.
>
>
> Hi David, SES implements essentially your two argument eval, but
> instead of 
>
>     eval(codeInString, {localStorage:oneSlotLocalStorage});
>
> you'd say
>
>     var imports = cajaVM.makeImports();
>     cajaVM.copyToImports(imports, {localStorage:oneSlotLocalStorage});
>     cajaVM.compileExpr(codeInString)(imports);
I had some insight that there was a way, but wasn't sure of how to do it
in Caja, thanks.

The internalCompileExpr function uses "with", how will this code behave
in ES6 since it's built on top of ES5 strict?

Do you think there would be a value in having the 2-arguments eval as a
native construct?
Maybe performance?
Maybe long-term reliability if there is a test suite in test262 that
browsers will be strongly encouraged to comply to?


> As for your suggestion of providing a virtual document as the binding
> of "document" seen by untrusted code, that is precisely how Caja uses
> SES. The Caja wrapping and virtualization of the browser API
> (especially the DOM) is known as Domado[3].
>
> [3]
> http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/plugin/domado.js?r=4758
Thanks for the reference.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120204/0c63c33f/attachment-0001.html>


More information about the es-discuss mailing list