Readonly SandboxCu.Sandbox is used to create a sandbox object
let sandbox = Cu.Sandbox(principal[, options]);
Using new Cu.Sandbox(...) to create a sandbox has the same effect as calling Cu.Sandbox(...) without new.
In JS, Cu.Sandbox uses the following parameters:
The security principal defined for a sandbox determines what code
running in that sandbox will be allowed to do. The principal may be one
of four types: the system principal, a content principal, an expanded
principal or a null principal. Depending on the principal type,
this argument can be a nsIPrincipal, a Window, a String, an Array
or null. See below.
A content principal can be provided by passing a nsIPrincipal, a
DOM Window, or a string URI (not recommended).
An expanded (or extended) principal is an array of principals,
where each item can be either a nsIPrincipal, a DOM window or a
string URI.
A null principal can either be specified by passing null or
created explicitly with Cc["@mozilla.org/nullprincipal;1"].createInstance(Ci.nsIPrincipal);
Optional parameters, valid properties are:
Readonly isBug 1621603 - Remove strict_mode.
Do not use this API! Instead use "use strict"; at the top of your JS file.
Optional aInstancePtr: objectA run time mechanism for interface discovery.
NS_OK if the interface is supported by the associated instance, NS_NOINTERFACE if it is not.
aInstancePtr must not be null.
[in] A requested interface IID
[out] A pointer to an interface pointer to receive the result.
API to dynamically block script for a given global. This takes effect immediately, unlike other APIs that only affect newly-created globals.
The machinery here maintains a counter, and allows script only if each call to blockScriptForGlobal() has been matched with a call to unblockScriptForGlobal(). The caller must make sure never to call unblock() more times than it calls block(), since that could potentially interfere with another consumer's script blocking.
To be called from JS only.
Call 'function', using the provided stack as the async stack responsible for the call, and propagate its return value or the exception it throws. The function is called with no arguments, and 'this' is 'undefined'.
The code in the function will see the given stack frame as the asyncCaller of its own stack frame, instead of the current caller.
Clone an object into a scope. The 3rd argument is an optional options object:
Create a commandline object.
a new nsICommandLine instance.
The arguments of the command line, not including the app/program itself.
An optional working directory for the command line.
The command line's state, one of nsICommandLine.STATE_INITIAL_LAUNCH,
nsICommandLine.STATE_REMOTE_AUTO, or
nsICommandLine.STATE_REMOTE_EXPLICIT.
To be called from JS only.
Returns an object created in |vobj|'s compartment. If defineAs property on the options object is a non-null ID, the new object will be added to vobj as a property. Also, the returned new object is always automatically waived (see waiveXrays).
evalInSandbox is designed to be called from JavaScript only.
evalInSandbox evaluates the provided source string in the given sandbox. It returns the result of the evaluation to the caller.
var s = new C.u.Sandbox("http://www.mozilla.org"); var res = C.u.evalInSandbox("var five = 5; 2 + five", s); var outerFive = s.five; s.seven = res; var thirtyFive = C.u.evalInSandbox("five * seven", s);
To be called from JS only.
Instead of simply wrapping a function into another compartment, this helper function creates a native function in the target compartment and forwards the call to the original function. That call will be different than a regular JS function call in that, the |this| is left unbound, and all the non-native JS object arguments will be cloned using the structured clone algorithm. The return value is the new forwarder function, wrapped into the caller's compartment. The 3rd argument is an optional options object:
Gets the name of the JSClass of the object.
if |aUnwrap| is true, all wrappers are unwrapped first. Unless you're specifically trying to detect whether the object is a proxy, this is probably what you want.
Returns a name for the given function or object which is useful for debugging. It will be very similar to the name displayed in call stacks. Objects which contain a single enumerable property which is a function will generate a name based on that function. Any other non-function objects will return "nonfunction".
Gets the incument global for the execution of this function. For internal and testing use only.
If |callback| is passed, it is invoked with the incumbent global as its sole argument. This allows the incumbent global to be measured in callback environments with no scripted frames on the stack.
Gets the URI or identifier string associated with an object's realm (the same one used by the memory reporter machinery).
Unwraps cross-compartment wrappers first.
The string formats and values may change at any time. Do not depend on this from addon code.
getSandboxMetadata is designed to be called from JavaScript only.
getSandboxMetadata retrieves the metadata associated with a sandbox object. It will return undefined if there is no metadata attached to the sandbox.
var s = C.u.Sandbox(..., { metadata: "metadata" }); var metadata = C.u.getSandboxMetadata(s);
Retrieve the last time, in microseconds since epoch, that a given watchdog-related event occured.
Valid categories: "ContextStateChange" - Context switching between active and inactive states "WatchdogWakeup" - Watchdog waking up from sleeping "WatchdogHibernateStart" - Watchdog begins hibernating "WatchdogHibernateStop" - Watchdog stops hibernating
When C++-Implemented code does security checks, it can generally query the subject principal (i.e. the principal of the most-recently-executed script) in order to determine the responsible party. However, when an API is implemented in JS, this doesn't work - the most-recently-executed script is always the System-Principaled API implementation. So we need another mechanism.
Hence the notion of the "WebIDL Caller". If the current Entry Script on the Script Settings Stack represents the invocation of JS-implemented WebIDL, this API returns the principal of the caller at the time of invocation. Otherwise (i.e. outside of JS-implemented WebIDL), this function throws. If it throws, you probably shouldn't be using it.
import is designed to be called from JavaScript only.
Synchronously loads and evaluates the js file located at 'registryLocation' with a new, fully privileged global object.
If 'targetObj' is specified and equal to null, returns the module's global object. Otherwise (if 'targetObj' is not specified, or 'targetObj' is != null) looks for a property 'EXPORTED_SYMBOLS' on the new global object. 'EXPORTED_SYMBOLS' is expected to be an array of strings identifying properties on the global object. These properties will be installed as properties on 'targetObj', or, if 'targetObj' is not specified, on the caller's global object. If 'EXPORTED_SYMBOLS' is not found, an error is thrown.
the module code's global object.
The implementation maintains a hash of registryLocation->global obj. Subsequent invocations of importModule with 'registryLocation' pointing to the same file will not cause the module to be re-evaluated, but the symbols in EXPORTED_SYMBOLS will be exported into the specified target object and the global object returned as above.
the object to install the exported properties on. If this parameter is a primitive value, this method throws an exception.
Imports global properties (like DOM constructors) into the scope, defining them on the caller's global. aPropertyList should be an array of property names.
See xpc::GlobalProperties::Parse for the current list of supported properties.
Returns true if the JSM is loaded into the system global previously via the import method above, or corresponding ESM is loaded. Returns false otherwise.
boolean, true if the js file has been loaded via import. false otherwise
Determines whether this value is a remote object proxy, such as RemoteWindowProxy or RemoteLocationProxy, for an out-of-process frame.
Remote object proxies do not grant chrome callers the same exemptions to the same-origin-policy that in-process wrappers typically do, so this can be used to determine whether access to cross-origin proxies is safe:
if (!Cu.isRemoteProxy(frame.contentWindow)) { frame.contentWindow.doCrossOriginThing(); }
Reads the given file and returns its contents. If called during early startup, the file will be pre-read on a background thread during profile startup so its contents will be available the next time they're read.
The file must be a text file encoded in UTF-8. Otherwise the result is undefined.
To be called from JS only. This is for Gecko internal use only, and may disappear at any moment.
Forces a recomputation of all wrappers in and out of the compartment containing |vobj|. If |vobj| is not an object, all wrappers system-wide are recomputed.
reportError is designed to be called from JavaScript only.
It will report a JS Error object to the JS console, and return. It is meant for use in exception handler blocks which want to "eat" an exception, but still want to report it to the console.
It must be called with one param, usually an object which was caught by an exception handler. If it is not a JS error object, the parameter is converted to a string and reported as a new error.
If called with two parameters, and the first parameter is not an object, the second parameter is used as the stack for the error report.
setSandboxMetadata is designed to be called from JavaScript only.
setSandboxMetadata sets the metadata associated with a sandbox object.
Note that the metadata object will be copied before being used. The copy will be performed using the structured clone algorithm. Note that this algorithm does not support reflectors and it will throw if it encounters them.
To be called from JS only. This is for Gecko internal use only, and may disappear at any moment.
Enables Xray vision for same-compartment access for the compartment indicated by |vscope|. All outgoing wrappers are recomputed.
This must not be called on chrome (system-principal) scopes.
Unloads the JS module at 'registryLocation'. Existing references to the module will continue to work but any subsequent import of the module will reload it and give new reference. If the JS module hasn't yet been imported then this method will do nothing.
Generated using TypeDoc
interface of Components.utils