<br><br><div><span class="gmail_quote">On 6/28/06, <b class="gmail_sendername">Mark Hammond</b> <<a href="mailto:mhammond@skippinet.com.au">mhammond@skippinet.com.au</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Bob writes:<br><br>> I don't know how JavaScript is doing it yet. The critical thing<br>> for me for this month was trying to come up with a security model.<br><br>I don't fully understand how JS does it either, certainly not in any detail.
<br>I know that it uses the concept of a "principal" (the IDL file can be seen<br>at <a href="http://lxr.mozilla.org/seamonkey/source/caps/idl/nsIPrincipal.idl">http://lxr.mozilla.org/seamonkey/source/caps/idl/nsIPrincipal.idl
</a>) and I<br>think that the absence of any principals == "trusted code". I believe the<br>principals are obtained either from the JS stack, or from the "event source"<br>and a few other obscure exceptions. There is also lots of C code littered
<br>with explicit "is this code trusted" calls that makes implicit and explicit<br>javascript assumptions - not particularly deep assumptions, but they exist.</blockquote><div><br>Yeah. Luckily I am interning at Google this summer and so I have access to some Mozilla people internally to get help in pointing me in the right direction. =)
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Cross-language calls will also need consideration. JS will be able to<br>implicitly or explicitly call Python functions, which again will implicitly
<br>or explicitly call JS functions. Some of those frames will always be<br>unrestricted (ie, they are "components" - often written in C++, they can do<br>*anything*), but some will not. We have managed to punt on that given that
<br>Python is currently always unrestricted.</blockquote><div><br>How to work with JS will need to be dealt with eventually.<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
In the early stages though, Mozilla is happy to have Python enabled only for<br>trusted sources - that means it is limited to Mozilla extensions, or even a<br>completely new app using the Mozilla framework. From a practical viewpoint,
<br>that helps "mozilla the platform" more than it helps "firebox the browser"<br>etc. This sandboxing would help the browser, which is great!</blockquote><div><br>Yep! Also, to help with the "contribution to the field" part of my dissertation I hope to help develop ways to make developing web apps with Python easier and better than with JS. So the goal is to just make it a no-brainer to dev with Python on the web.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I'm confident that when the time comes we will get the ear of Brendan Eich<br>
to help steer us forward.</blockquote><div><br>Cool.<br><br>Mark, can you email me (publically or privately, don't care) links and stuff about pyXPCOM so that when I start working on stuff I know where you are at and such with integration? Obviously I want to keep you in the loop overall on this whole endeavour.
<br><br>-Brett<br></div><br></div>