我正在使用 XPCOM 开发一个 Firefox 插件,我还没有阅读所有文档,但据我所知,插件只是一个 DLL,它通过 XPCOM 接口提供服务并通过 XPCOM 接口与浏览器交互。由于插件本身是一个原生 DLL,安全模型将如何工作?它会依赖于用户信任插件不会做讨厌的事情这一事实,比如使用 OCX 控件吗?
我看不出有任何其他方法可以保护它……有吗?
问问题
217 次
2 回答
2
Just to clarify a few definitions, as far as I know, in Mozilla-land:
- a plugin is something that is used to render content via the NSAPI (think Flash, PDF, ...) and is normally not using XPCOM
- an extension is a package that extends Mozilla/Firefox via XUL and/or XPCOM, which can contain components and/or XUL GUI stuff.
- a component is a provider of XPCOM services and can be written in Javascript or as a native shared library/DLL
So I guess, what you want to do is an extension consisting of a component.
As an answer to your question: You are right, as soon as the user installs an extension, he is agreeing to trust that one. Even if it consists of Javascript code, it has automatically more access than web site Javascript.
于 2009-11-15T20:26:04.467 回答
0
XPCOM 似乎不是针对插件,而是针对应用程序,因此没有对安全性进行建模。
于 2009-11-15T20:08:33.993 回答