Warning: Use of undefined constant Symbol - assumed 'Symbol' (this will throw an Error in a future version of PHP) in /mnt/new-ebs/workbench-106550/lib/dojo/util/docscripts/lib/parser2/dojo2.inc on line 215 Warning: Use of undefined constant JavaScriptSymbol - assumed 'JavaScriptSymbol' (this will throw an Error in a future version of PHP) in /mnt/new-ebs/workbench-106550/lib/dojo/util/docscripts/lib/parser2/dojo2.inc on line 215

dojox/secure/capability.js

  • Provides:

    • dojox.secure.capability

  • dojox.secure.badProps

    • type
      RegExp

  • dojox.secure.capability

    • type
      Object

  • dojox.secure.capability.keywords

    • type
      Array

  • dojox.secure.capability.validate

    • parameters:
      • script: (typeof string)
        the script to execute
      • safeLibraries: (typeof Array)
        The safe libraries that can be called (the functions can not be access/modified by the untrusted code, only called)
      • safeGlobals: (typeof Object)
        These globals can be freely interacted with by the untrusted code
    • returns
      comments are replaced with a space, strings and regex are replaced with a single safe token (0)|replace literal keys with 0: and replace properties with the innocuous ~|turn into a known safe call
    • summary
      pass in the text of a script. If it passes and it can be eval'ed, it should be safe.
Note that this does not do full syntax checking, it relies on eval to reject invalid scripts.
There are also known false rejections:
Nesting vars inside blocks will not declare the variable for the outer block
Named functions are not treated as declaration so they are generally not allowed unless the name is declared with a var.
Var declaration that involve multiple comma delimited variable assignments are not accepted
    • type
      Function

  • dojox.secure.capability.validate.keywords

  • dojox.secure

    • type
      Object

  • dojox

    • type
      Object