Add-ons using the techniques described in this document are considered a legacy technology in Firefox. Don't use these techniques to develop new add-ons. Use WebExtensions instead. If you maintain an add-on which uses the techniques described here, consider migrating it to use WebExtensions.
From Firefox 53 onwards, no new legacy add-ons will be accepted on addons.mozilla.org (AMO).
From Firefox 57 onwards, WebExtensions will be the only supported extension type, and Firefox will not load other types.
Even before Firefox 57, changes coming up in the Firefox platform will break many legacy extensions. These changes include multiprocess Firefox (e10s), sandboxing, and multiple content processes. Legacy extensions that are affected by these changes should migrate to WebExtensions if they can. See the "Compatibility Milestones" document for more.
A wiki page containing resources, migration paths, office hours, and more, is available to help developers transition to the new technologies.
Experimental
Create JavaScript sandboxes and execute scripts in them.
Usage
Create a sandbox
To create a sandbox:
const { sandbox, evaluate, load } = require("sdk/loader/sandbox"); let scope = sandbox('http://example.com');
The argument passed to the sandbox defines its privileges. The argument may be:
- a URL string, in which case the sandbox will get the same privileges as a script loaded from that URL
- a DOM window object, to inherit privileges from the window being passed.
- omitted or
null
: then the sandbox will have chrome privileges giving it access to all the XPCOM components.
Optionally the sandbox
function can be passed a second argument (See sandbox documentation on MDN for details).
Evaluate code
Module provides evaluate
function that lets you execute code in the given sandbox:
evaluate(scope, 'var a = 5;'); evaluate(scope, 'a + 2;'); //=> 7
More details about evaluated script may be passed via optional arguments that may improve exception reporting:
// Evaluate code as if it was loaded from 'http://foo.com/bar.js' and // start from 2nd line. evaluate(scope, 'a ++', 'http://foo.com/bar.js', 2);
Version of JavaScript can be also specified via an optional argument:
evaluate(scope, 'let b = 2;', 'bar.js', 1, '1.5'); // throws cause `let` is not defined in JS 1.5.
Load scripts
This module provides a limited API for loading scripts from local URLs. data:
URLs are supported.
load(scope, 'resource://path/to/my/script.js'); load(scope, 'file:///path/to/script.js'); load(scope, 'data:,var a = 5;');
Globals
Functions
sandbox(source)
Make a new sandbox that inherits principals from source
.
Parameters
source : string|window|null
An object that determines the privileges that will be given to the sandbox. This argument can be:
- a URI string, giving the sandbox the same privileges as a script loaded from that URL
- a DOM window object, giving the sandbox the same privileges as the DOM window
null
, to give the sandbox chrome privileges.
Returns
sandbox : A sandbox in which you can evaluate and load JavaScript.
evaluate(sandbox, code, uri, line, version)
Evaluate code
in sandbox
, and return the result.
Parameters
sandbox : sandbox
The sandbox to use.
code : string
The code to execute.
uri : string
Evaluate the code as if it were being loaded from the given URI. Optional.
line : number
Evaluate the code starting at this line. Optional, defaults to 1.
version : string
Evaluate the code using this version of JavaScript. Defaults to 1.8.
Returns
result : Returns whatever the evaluated code returns.
load(sandbox, uri)
Evaluate code from uri
in sandbox
.
Parameters
sandbox : sandbox
The sandbox to use.
uri : string
The URL pointing to the script to load. It must be a local chrome:
, resource:
, file:
or data:
URL.
Returns
result : Returns whatever the evaluated code returns.