view docs.html @ 35:6ddc83bb61f8 default tip
added another gc test
author | Atul Varma <avarma@mozilla.com> |
---|---|
date | Mon, 10 May 2010 21:01:58 -0700 |
parents | d28100e071a7 |
children |
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Docutils 0.6: http://docutils.sourceforge.net/" />
<title>Pydertron</title>
<link rel="stylesheet" href="docs.css" type="text/css" />
</head>
<body>
<div class="document" id="pydertron">
<h1 class="title">Pydertron</h1>
<p>Pydertron is an experimental high-level wrapper for <a class="reference external" href="http://code.google.com/p/pydermonkey">Pydermonkey</a> that provides convenient, secure object wrapping between JS and Python space.</p>
<p>Note that Pydertron is just one example of a high-level interface between Python and JavaScript: it assumes, for instance, that the JS code it executes isn't trusted, which affects the nature of the inter-language interaction.</p>
<p>Pydertron is currently hosted at <a class="reference external" href="http://hg.toolness.com/pydertron">http://hg.toolness.com/pydertron</a>. Please feel free to send any questions or comments to <a class="reference external" href="mailto:atul@mozilla.com">atul@mozilla.com</a>.</p>
<div class="section" id="the-basics">
<h1>The Basics</h1>
<p>The <tt class="docutils literal">JsSandbox</tt> class encapsulates a JavaScript runtime, context, global object, and a simple <a class="reference external" href="http://wiki.commonjs.org/wiki/CommonJS/Modules/SecurableModules">SecurableModule</a> implementation that complies with the <a class="reference external" href="http://wiki.commonjs.org/wiki/CommonJS">CommonJS</a> standard.
It also provides a high-level bridge between Python and JavaScript so that you don't need to deal with any of the low-level details of the Pydermonkey API.</p>
<p>For instance, here we'll create a <tt class="docutils literal">JsSandbox</tt> whose module root points to the <a class="reference external" href="http://interoperablejs.googlecode.com/svn/trunk/compliance/monkeys/">monkeys</a> SecurableModule compliance test over HTTP:</p>
<blockquote>
<pre class="doctest-block">
>>> url = ("http://interoperablejs.googlecode.com/svn/trunk/"
...        "compliance/monkeys/")
>>> sandbox = JsSandbox(HttpFileSystem(url))
</pre>
</blockquote>
<p>This compliance test requires a global <tt class="docutils literal">sys</tt> object that contains one method, <tt class="docutils literal">print()</tt>, that takes two arguments. First, we'll create the <tt class="docutils literal">print()</tt> function and prepare it for exposure to JS code:</p>
<blockquote>
<pre class="doctest-block">
>>> @jsexposed
... def jsprint(message, label):
...     print message, label
</pre>
</blockquote>
<p>Note the use of the <tt class="docutils literal">@jsexposed</tt> decorator: all this does is set the function's <tt class="docutils literal">__jsexposed__</tt> attribute to <tt class="docutils literal">True</tt>. This is done for security purposes: only Python callables satisfying this criterion will be exposed to JavaScript code, to ensure that untrusted JS can't accidentally gain access to privileged Python functionality.</p>
<p>Creating a JS object can be done like this:</p>
<blockquote>
<pre class="doctest-block">
>>> system = sandbox.new_object()
</pre>
</blockquote>
<p>We can now access and set properties on this object via either item or attribute lookup, just like in JavaScript.
Because <tt class="docutils literal">print</tt> is a reserved word in Python, though, we'll use item lookup to set the property here:</p>
<blockquote>
<pre class="doctest-block">
>>> system['print'] = jsprint
</pre>
</blockquote>
<p>Now we tell the sandbox that we want the <tt class="docutils literal">sys</tt> object to be a global:</p>
<blockquote>
<pre class="doctest-block">
>>> sandbox.set_globals(sys = system)
</pre>
</blockquote>
<p>And finally, we execute the compliance test by running a one-line script that imports the 'program' module, like so:</p>
<blockquote>
<pre class="doctest-block">
>>> sandbox.run_script("require('program');")
PASS monkeys permitted pass
DONE info
0
</pre>
</blockquote>
<p>Note the <tt class="docutils literal">0</tt> in the last line: this is the return value of <tt class="docutils literal">sandbox.run_script()</tt>, which returns <tt class="docutils literal">0</tt> on success, and <tt class="docutils literal"><span class="pre">-1</span></tt> if an exception was raised. For instance, the output of bad code looks like this:</p>
<blockquote>
<pre class="doctest-block">
>>> sandbox.run_script("(function foo() { bar(); })();",
...                    stderr=sys.stdout)
Traceback (most recent call last):
  File "&lt;string&gt;", line 1, in &lt;module&gt;
  File "&lt;string&gt;", line 1, in foo
ReferenceError: bar is not defined
-1
</pre>
</blockquote>
<p>Note that the traceback displayed is actually referring to JavaScript code: one of Pydertron's aims is to make debugging JS code as much like debugging Python code as possible.</p>
</div>
<div class="section" id="exceptions">
<h1>Exceptions</h1>
<p>Any exceptions raised by wrapped Python functions need to be of type <tt class="docutils literal">pydermonkey.ScriptError</tt> to be propagated into calling JavaScript code; if they're not, then for security purposes, the entire JavaScript call stack is unrolled.</p>
<p>For example, here's a function that's bound to fail:</p>
<blockquote>
<pre class="doctest-block">
>>> @jsexposed
... def fail():
...     o()
>>> sandbox.root.fail = fail
</pre>
</blockquote>
<p>Now, even though the following JS code calls the function in a try-catch block, the JS code doesn't catch anything and its execution is simply halted:</p>
<blockquote>
<pre class="doctest-block">
>>> sandbox.run_script("try { fail(); } catch (e) {}",
...                    stderr=sys.stdout) #doctest: +ELLIPSIS
An internal error occurred.
Traceback (most recent call last):
  ...
NameError: global name 'o' is not defined
-1
</pre>
</blockquote>
<p>Note that a <tt class="docutils literal">KeyboardInterrupt</tt> triggered while JS is executing will have a similar effect.</p>
</div>
</div>
<div class="footer">
<hr class="footer" />
<a class="reference external" href="docs.txt">View document source</a>.
</div>
</body>
</html>
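The two boundary rules the documentation describes (only callables marked `__jsexposed__` are exposed to script code, and only `ScriptError` propagates into it), as an added example that is not part of Pydertron or Pydermonkey. It is a pure-Python 3 model: `ModelBridge`, `set_global`, `js_try_catch` and `SandboxAbort` are hypothetical names, and `ScriptError` here is a local stand-in for `pydermonkey.ScriptError`.

```python
class ScriptError(Exception):
    """Local stand-in for pydermonkey.ScriptError so the model runs alone."""

class SandboxAbort(Exception):
    """Hypothetical: stands for the entire JS call stack being unrolled."""

def jsexposed(func):
    # As the docs describe, the decorator only sets a marker attribute.
    func.__jsexposed__ = True
    return func

class ModelBridge(object):
    """Hypothetical, simplified model of the Python/JS boundary."""

    def __init__(self):
        self.js_globals = {}

    def set_global(self, name, value):
        # Deny by default: an unmarked callable never reaches script code.
        if callable(value) and getattr(value, "__jsexposed__", False) is not True:
            raise TypeError("%s: callable is not marked @jsexposed" % name)
        self.js_globals[name] = value

    def js_try_catch(self, name, *args):
        """Model `try { name(...); } catch (e) {}` running in the sandbox."""
        try:
            return ("returned", self.js_globals[name](*args))
        except ScriptError as exc:
            return ("caught by JS", str(exc))  # script code may handle it
        except BaseException as exc:  # any other error, or KeyboardInterrupt
            raise SandboxAbort(type(exc).__name__)  # script never sees it

@jsexposed
def greet(who):
    return "hello " + who

@jsexposed
def denied():
    raise ScriptError("permission denied")  # constructed message

@jsexposed
def fail():
    o()  # undefined name: NameError, like fail() in the Exceptions section

if __name__ == "__main__":
    bridge = ModelBridge()
    for func in (greet, denied, fail):
        bridge.set_global(func.__name__, func)
    print(bridge.js_try_catch("greet", "js"), bridge.js_try_catch("denied"))
```

Passing an unmarked callable such as the built-in `open` to `set_global` raises `TypeError`, and calling `fail` through `js_try_catch` raises `SandboxAbort` instead of returning to the modelled catch block.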