gecko-dev/js/rhino/docs/overview.html

<!-- ***** BEGIN LICENSE BLOCK *****
   - Version: MPL 1.1/GPL 2.0
   -
   - The contents of this file are subject to the Mozilla Public License Version
   - 1.1 (the "License"); you may not use this file except in compliance with
   - the License. You may obtain a copy of the License at
   - http://www.mozilla.org/MPL/
   -
   - Software distributed under the License is distributed on an "AS IS" basis,
   - WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
   - for the specific language governing rights and limitations under the
   - License.
   -
   - The Original Code is Rhino code, released May 6, 1999.
   -
   - The Initial Developer of the Original Code is
   - Netscape Communications Corporation.
   - Portions created by the Initial Developer are Copyright (C) 1997-1999
   - the Initial Developer. All Rights Reserved.
   -
   - Contributor(s):
   -
   - Alternatively, the contents of this file may be used under the terms of
   - the GNU General Public License Version 2 or later (the "GPL"), in which
   - case the provisions of the GPL are applicable instead of those above. If
   - you wish to allow use of your version of this file only under the terms of
   - the GPL and not to allow others to use your version of this file under the
   - MPL, indicate your decision by deleting the provisions above and replacing
   - them with the notice and other provisions required by the GPL. If you do
   - not delete the provisions above, a recipient may use your version of this
   - file under either the MPL or the GPL.
   -
   - ***** END LICENSE BLOCK ***** -->

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Language" content="en">
<meta http-equiv="Content-Style-Type" content="text/css">

   <meta name="Author" content="Norris Boyd">
   <title>JavaScript Overview</title>

<link rel="up" href="./" title="Rhino project page">
<link rel="section" href="#language" title="Language">
<link rel="section" href="#deprec" title="Deprecated Language Features">
<link rel="section" href="#versions" title="JavaScript Language Versions">
<link rel="section" href="#security" title="Security">

</head>

<body>

<p class="crumbs"><em>You are here:</em> <a href="./">Rhino project page</a> &gt; <strong>JavaScript Overview</strong></p>

<h1 style="text-align: center;">Rhino Overview</h1>

<h2>Overview of Rhino</h2>

<p>Most people who have used JavaScript before have done so by adding scripts
to their HTML web pages. However, Rhino is an implementation of the core
language only and doesn't contain objects or methods for manipulating HTML
documents.</p>
<p>Rhino contains</p>

<ul>
  <li>All the features of JavaScript 1.5</li>
  <li>Allows direct scripting of Java</li>
  <li>A JavaScript shell for executing JavaScript scripts</li>
  <li>A JavaScript compiler to transform JavaScript source files into Java class
files</li>
</ul>

<h2><a name="language" id="language">Language</a></h2>
<p>The JavaScript language itself is standardized by Standard ECMA-262 
<i>ECMAScript: A general purpose, cross-platform programming language</i>. 
Rhino 1.5 implements JavaScript 1.5, which conforms to Edition 3 of 
the Standard. The Standard may be <a class="ex-ref" href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">downloaded</a> 
or obtained by mail from</p>

<address>ECMA,<br> 
114 Rue du Rh&ocirc;ne,<br>
CH1204 Geneva,
<br>Switzerland.</address>

<p>Rhino 1.6 also implements ECMA-357 <i>ECMAScript for XML (E4X)</i>. 
See the <a class="ex-ref" href="http://www.ecma-international.org/publications/standards/Ecma-357.htm">specification</a> 
for more information on the standard, and 
<a href="rhino16R1.html#E4X">Rhino version 1.6R1</a> for details on 
the implementation in Rhino.</p>

<p>In addition, Rhino has implemented JavaAdapters, which allows JavaScript
to implement any Java interface or extend any Java class with a JavaScript
object. See the <code class="filename">enum.js</code> example for more 
information.</p>
<p>Numerous books and tutorials on JavaScript are available.</p>

<h3><a name="deprec" id="deprec">Deprecated Language Features</a></h3>
<p>Several language features introduced in JavaScript 1.2 are now deprecated.
These features allow "computational reflection": that is, the ability for
a script to determine and influence aspects of the way it is evaluated.
These features are generally not broadly useful, yet they impose significant
constraints on implementations that hamper or prevent optimization. The
deprecated features are the <tt>__proto__</tt> and <tt>__parent__</tt>
properties, and the constructors <tt>With</tt>, <tt>Closure</tt>, and <tt>Call</tt>.
Attempts to invoke these constructors with the language version 1.4 will
result in an error. For other versions, a warning will be generated.</p>

<h3>Internationalization</h3>
<p>The messages reported by the JavaScript engine are by default retrieved
from the property file <code class="filename">org/mozilla/javascript/resources/Messages.properties</code>.
If other properties files with extensions corresponding to the current
locale exist, they will be used instead.</p>

<h3><a name="versions" id="versions">JavaScript Language Versions</a></h3>
<p>Some behavior in the JavaScript engine is dependent on the 
language version. In browser embeddings, this language version is selected 
using the LANGUAGE attribute of the SCRIPT tag with values such as 
"JavaScript1.2". <p>Version 1.3 and greater are ECMA conformant.</p>
<p><b>Operators <tt>==</tt> and <tt>!=</tt></b></p>
<p>Version 1.2 only uses strict equality for the == and != operators. In
version 1.3 and greater, == and != have the same meanings as ECMA. The
operators === and !== use strict equality in all versions.</p>
<p><b>ToBoolean</b></p>
<p><tt>Boolean(new Boolean(false))</tt> is false for all versions before
1.3. It is true (and thus ECMA conformant) for version 1.3 and greater.
<p><b>Array.prototype.toString and Object.prototype.toString</b>
<p>Version 1.2 only returns array or object literal notation ("[1,2,3]"
or "{a:1, b:2}" for example). In version 1.3 and greater these functions
are ECMA conformant.</p>
<p><b>Array constructor</b></p>
<p><code>Array(i)</code> for a number argument <var>i</var> constructs an 
array with a single element equal to <var>i</var> for version 1.2 only. 
Otherwise the ECMA conformant version is used (an array is constructed 
with no elements but with length property equal to <var>i</var>).</p>
<p><b>String.prototype.substring</b></p>
<p>For version 1.2 only, the two arguments are not swapped if the first
argument is less than the second one. All other versions are ECMA compliant.
<p><b>String.prototype.split</b></p>
<p>For version 1.2 only, split performs the Perl4 special case when given
a single space character as an argument (skips leading whitespace, and
splits on whitespace). All other versions split on the space character
proper as specified by ECMA.</p>

<h2><a name="security" id="security">Security</a></h2>
<p>The security features in Rhino provide the ability to track the origin
of a piece of code (and any pieces of code that it may in turn generate).
These features allow for the implementation of a traditional URL-based
security policy for JavaScript as in Netscape Navigator. Embeddings that
trust the JavaScript code they execute may ignore the security features.</p>

<p>Embeddings that run untrusted JavaScript code must do two things to
enable the security features. First, every <code>Context</code> that is 
created must be supplied an instance of an object that implements the 
<tt>SecuritySupport</tt> interface. This will provide Rhino the support 
functionality it needs to perform security-related tasks.</p>

<p>Second, the value of the property 
<code class="filename">security.requireSecurityDomain</code>
should be changed to <var>true</var> in the resource bundle <code class="filename">org.mozilla.javascript.resources.Security</code>.
The value of this property can be determined at runtime by calling the
<code>isSecurityDomainRequired</code>
method of <code>Context</code>. Setting this property to true requires that
any calls that compile or evaluate JavaScript must supply a security domain
object of any object type that will be used to identify JavaScript code.
In a typical client embedding, this object might be a string with the URL
of the server that supplied the script, or an object that contains a 
representation of the signers of a piece of code for certificate-based 
security policies.</p>

<p>When JavaScript code attempts a restricted action, the security domain
can be retrieved in the following manner. The class context should be 
obtained from the security manager (see <code class="command">java.lang.SecurityManager.getClassContext()</code>).
Then, the class of the code that called to request the restricted action
can be obtained by looking an appropriate index into the class context
array. If the caller is JavaScript the class obtained may be one of two
types. First, it may be the class of the interpreter if interpretive mode
is in effect. Second, it may be a generated class if classfile generation
is supported. An embedding can distinguish the two cases by calling 
<code class="command">isInterpreterClass()</code>
in the <code class="filename">Context</code> class. If it is the 
interpreter class, call the getInterpreterSecurityDomain() method of 
Context to obtain the security domain of the currently executing 
interpreted script or function. Otherwise, it must be a generated class, 
and an embedding can call <code class="command">getSecurityDomain()</code>
in the class implementing <code>SecuritySupport</code>. When the class was
defined and loaded, the appropriate security domain was associated with
it, and can be retrieved by calling this method. Once the security domain
has been determined, an embedding can perform whatever checks are 
appropriate to determine whether access should be allowed.</p>

</body>
</html>