This article covers features introduced in SpiderMonkey 1.8.1
Configure SpiderMonkey security hooks.
Syntax
/* Added in SpiderMonkey 17 */ void JS_SetSecurityCallbacks(JSRuntime *rt, const JSSecurityCallbacks *callbacks); const JSSecurityCallbacks * JS_GetSecurityCallbacks(JSRuntime *rt); /* Obsolete since JSAPI 13 */ JSSecurityCallbacks * JS_SetContextSecurityCallbacks(JSContext *cx, JSSecurityCallbacks *callbacks); JSSecurityCallbacks * JS_GetRuntimeSecurityCallbacks(JSRuntime *rt); JSSecurityCallbacks * JS_SetRuntimeSecurityCallbacks(JSRuntime *rt, JSSecurityCallbacks *callbacks);
| Name | Type | Description |
|---|---|---|
rt |
JSRuntime * |
A runtime to get/set the security callbacks. |
callbacks |
const JSSecurityCallbacks * |
A pointer to the new callbacks for the runtime. |
Callback Structure
struct JSSecurityCallbacks {
JSCSPEvalChecker contentSecurityPolicyAllows; // Added in SpiderMonkey 1.8.5
JSSubsumesOp subsumes; // Added in SpiderMonkey 31
JSCheckAccessOp checkObjectAccess; // Obsolete since JSAPI 29
JSPrincipalsTranscoder principalsTranscoder; // Obsolete since JSAPI 13
JSObjectPrincipalsFinder findObjectPrincipals; // Obsolete since JSAPI 13
};
| Name | Type | Description |
|---|---|---|
contentSecurityPolicyAllows |
JSCSPEvalChecker |
A pointer to the function which checks if a CSP instance wants to disable eval() and friends. Use NULL is not needed. |
subsumes |
JSSubsumesOp |
A pointe to the function which returns whether the first principal subsumes the second. Use NULL is not needed. |
Description
JS_SetSecurityCallbacks sets the runtime's security callbacks to callbacks. It allows the embedding to control certain aspects of JS code execution based on security settings of the global object the code is executed in. If callbacks is NULL, it sets callbacks to default value.
JS_GetSecurityCallbacks returns the runtime's current security callbacks. If the callbacks are default value, it returns NULL
See Also
- MXR ID Search for
JS_GetSecurityCallbacks - MXR ID Search for
JS_SetSecurityCallbacks JSPrincipalsJSCSPEvalCheckerJSSubsumesOp- bug 957688 - removed
checkObjectAccess - bug 924905 - added
subsumes - bug 728250 - added -
JS_GetSecurityCallbacksandJS_SetSecurityCallbacks, removedJS_SetContextSecurityCallbacks,JS_GetRuntimeSecurityCallbacks, andJS_SetRuntimeSecurityCallbacks