# HG changeset patch # User Atul Varma # Date 1245678718 25200 # Node ID 83b891ccc47194b522c5af8607fc34572ebce10d # Parent 36b66c249446acf249d2d84de0ce78fb0dde5eb3 Added a README. diff -r 36b66c249446 -r 83b891ccc471 README --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/README Mon Jun 22 06:51:58 2009 -0700 @@ -0,0 +1,24 @@ +About Spidermonkey Playground +----------------------------- + +This is a simple C/C++ command-line program that embeds SpiderMonkey +and exposes a number of the JSAPI's functions [1] to a Trusted Code +Base written in JS. The goal here is to provide developers with an +easy way to explore and experiment with JavaScript security models in +a high-level language before actually implementing one in C/C++. + +The playground currently includes a highly experimental implementation +of SecurableModules [2] that allows for the exportation of +functionality to a module via require(). It also includes a "membrane" +or "wrapper" [3] implementation that allows secure membranes to be +implemented entirely in JavaScript. It's really just an exposing of +SpiderMonkey's JSClass/JSExtendedClass [4] to JavaScript, but it +should allow for pretty flexible enforcement of any kind of desired +security characteristic, from an Object-Capability Model like that of +Google Caja [5] to a read-only representation of a DOM structure. + +[1] https://developer.mozilla.org/en/SpiderMonkey +[2] https://wiki.mozilla.org/ServerJS/Modules/SecurableModules +[3] https://developer.mozilla.org/en/XPConnect_wrappers +[4] https://developer.mozilla.org/en/SpiderMonkey/JSAPI_Reference/JSClass +[5] http://code.google.com/p/google-caja/ diff -r 36b66c249446 -r 83b891ccc471 spidermonkey-playground.cpp --- a/spidermonkey-playground.cpp Mon Jun 22 06:32:32 2009 -0700 +++ b/spidermonkey-playground.cpp Mon Jun 22 06:51:58 2009 -0700 @@ -10,6 +10,9 @@ static JSContext *tcb_cx; static JSObject *tcb_global; +// TODO: Make sure we're rooting objects appropriately here so that +// the interpreter doesn't randomly crash or something. + /* The class of the global object. */ static JSClass global_class = { "global", JSCLASS_GLOBAL_FLAGS,