mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-11 12:25:53 +00:00
198 lines
9.9 KiB
HTML
198 lines
9.9 KiB
HTML
<!-- ***** BEGIN LICENSE BLOCK *****
|
|
- Version: MPL 1.1/GPL 2.0
|
|
-
|
|
- The contents of this file are subject to the Mozilla Public License Version
|
|
- 1.1 (the "License"); you may not use this file except in compliance with
|
|
- the License. You may obtain a copy of the License at
|
|
- http://www.mozilla.org/MPL/
|
|
-
|
|
- Software distributed under the License is distributed on an "AS IS" basis,
|
|
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
- for the specific language governing rights and limitations under the
|
|
- License.
|
|
-
|
|
- The Original Code is Rhino code, released May 6, 1999.
|
|
-
|
|
- The Initial Developer of the Original Code is
|
|
- Netscape Communications Corporation.
|
|
- Portions created by the Initial Developer are Copyright (C) 1997-1999
|
|
- the Initial Developer. All Rights Reserved.
|
|
-
|
|
- Contributor(s):
|
|
-
|
|
- Alternatively, the contents of this file may be used under the terms of
|
|
- the GNU General Public License Version 2 or later (the "GPL"), in which
|
|
- case the provisions of the GPL are applicable instead of those above. If
|
|
- you wish to allow use of your version of this file only under the terms of
|
|
- the GPL and not to allow others to use your version of this file under the
|
|
- MPL, indicate your decision by deleting the provisions above and replacing
|
|
- them with the notice and other provisions required by the GPL. If you do
|
|
- not delete the provisions above, a recipient may use your version of this
|
|
- file under either the MPL or the GPL.
|
|
-
|
|
- ***** END LICENSE BLOCK ***** -->
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
|
|
|
<html lang="en">
|
|
|
|
<head>
|
|
|
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
|
<meta http-equiv="Content-Language" content="en">
|
|
<meta http-equiv="Content-Style-Type" content="text/css">
|
|
|
|
<meta name="Author" content="Norris Boyd">
|
|
<title>JavaScript Overview</title>
|
|
|
|
<link rel="up" href="./" title="Rhino project page">
|
|
<link rel="section" href="#language" title="Language">
|
|
<link rel="section" href="#deprec" title="Deprecated Language Features">
|
|
<link rel="section" href="#versions" title="JavaScript Language Versions">
|
|
<link rel="section" href="#security" title="Security">
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<p class="crumbs"><em>You are here:</em> <a href="./">Rhino project page</a> > <strong>JavaScript Overview</strong></p>
|
|
|
|
<h1 style="text-align: center;">Rhino Overview</h1>
|
|
|
|
<h2>Overview of Rhino</h2>
|
|
|
|
<p>Most people who have used JavaScript before have done so by adding scripts
|
|
to their HTML web pages. However, Rhino is an implementation of the core
|
|
language only and doesn't contain objects or methods for manipulating HTML
|
|
documents.</p>
|
|
<p>Rhino contains</p>
|
|
|
|
<ul>
|
|
<li>All the features of JavaScript 1.5</li>
|
|
<li>Allows direct scripting of Java</li>
|
|
<li>A JavaScript shell for executing JavaScript scripts</li>
|
|
<li>A JavaScript compiler to transform JavaScript source files into Java class
|
|
files</li>
|
|
</ul>
|
|
|
|
<h2><a name="language" id="language">Language</a></h2>
|
|
<p>The JavaScript language itself is standardized by Standard ECMA-262
|
|
<i>ECMAScript: A general purpose, cross-platform programming language</i>.
|
|
Rhino 1.5 implements JavaScript 1.5, which conforms to Edition 3 of
|
|
the Standard. The Standard may be <a class="ex-ref" href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">downloaded</a>
|
|
or obtained by mail from</p>
|
|
|
|
<address>ECMA,<br>
|
|
114 Rue du Rhône,<br>
|
|
CH1204 Geneva,
|
|
<br>Switzerland.</address>
|
|
|
|
<p>Rhino 1.6 also implements ECMA-357 <i>ECMAScript for XML (E4X)</i>.
|
|
See the <a class="ex-ref" href="http://www.ecma-international.org/publications/standards/Ecma-357.htm">specification</a>
|
|
for more information on the standard, and
|
|
<a href="rhino16R1.html#E4X">Rhino version 1.6R1</a> for details on
|
|
the implementation in Rhino.</p>
|
|
|
|
<p>In addition, Rhino has implemented JavaAdapters, which allows JavaScript
|
|
to implement any Java interface or extend any Java class with a JavaScript
|
|
object. See the <code class="filename">enum.js</code> example for more
|
|
information.</p>
|
|
<p>Numerous books and tutorials on JavaScript are available.</p>
|
|
|
|
<h3><a name="deprec" id="deprec">Deprecated Language Features</a></h3>
|
|
<p>Several language features introduced in JavaScript 1.2 are now deprecated.
|
|
These features allow "computational reflection": that is, the ability for
|
|
a script to determine and influence aspects of the way it is evaluated.
|
|
These features are generally not broadly useful, yet they impose significant
|
|
constraints on implementations that hamper or prevent optimization. The
|
|
deprecated features are the <tt>__proto__</tt> and <tt>__parent__</tt>
|
|
properties, and the constructors <tt>With</tt>, <tt>Closure</tt>, and <tt>Call</tt>.
|
|
Attempts to invoke these constructors with the language version 1.4 will
|
|
result in an error. For other versions, a warning will be generated.</p>
|
|
|
|
<h3>Internationalization</h3>
|
|
<p>The messages reported by the JavaScript engine are by default retrieved
|
|
from the property file <code class="filename">org/mozilla/javascript/resources/Messages.properties</code>.
|
|
If other properties files with extensions corresponding to the current
|
|
locale exist, they will be used instead.</p>
|
|
|
|
<h3><a name="versions" id="versions">JavaScript Language Versions</a></h3>
|
|
<p>Some behavior in the JavaScript engine is dependent on the
|
|
language version. In browser embeddings, this language version is selected
|
|
using the LANGUAGE attribute of the SCRIPT tag with values such as
|
|
"JavaScript1.2". <p>Version 1.3 and greater are ECMA conformant.</p>
|
|
<p><b>Operators <tt>==</tt> and <tt>!=</tt></b></p>
|
|
<p>Version 1.2 only uses strict equality for the == and != operators. In
|
|
version 1.3 and greater, == and != have the same meanings as ECMA. The
|
|
operators === and !== use strict equality in all versions.</p>
|
|
<p><b>ToBoolean</b></p>
|
|
<p><tt>Boolean(new Boolean(false))</tt> is false for all versions before
|
|
1.3. It is true (and thus ECMA conformant) for version 1.3 and greater.
|
|
<p><b>Array.prototype.toString and Object.prototype.toString</b>
|
|
<p>Version 1.2 only returns array or object literal notation ("[1,2,3]"
|
|
or "{a:1, b:2}" for example). In version 1.3 and greater these functions
|
|
are ECMA conformant.</p>
|
|
<p><b>Array constructor</b></p>
|
|
<p><code>Array(i)</code> for a number argument <var>i</var> constructs an
|
|
array with a single element equal to <var>i</var> for version 1.2 only.
|
|
Otherwise the ECMA conformant version is used (an array is constructed
|
|
with no elements but with length property equal to <var>i</var>).</p>
|
|
<p><b>String.prototype.substring</b></p>
|
|
<p>For version 1.2 only, the two arguments are not swapped if the first
|
|
argument is less than the second one. All other versions are ECMA compliant.
|
|
<p><b>String.prototype.split</b></p>
|
|
<p>For version 1.2 only, split performs the Perl4 special case when given
|
|
a single space character as an argument (skips leading whitespace, and
|
|
splits on whitespace). All other versions split on the space character
|
|
proper as specified by ECMA.</p>
|
|
|
|
<h2><a name="security" id="security">Security</a></h2>
|
|
<p>The security features in Rhino provide the ability to track the origin
|
|
of a piece of code (and any pieces of code that it may in turn generate).
|
|
These features allow for the implementation of a traditional URL-based
|
|
security policy for JavaScript as in Netscape Navigator. Embeddings that
|
|
trust the JavaScript code they execute may ignore the security features.</p>
|
|
|
|
<p>Embeddings that run untrusted JavaScript code must do two things to
|
|
enable the security features. First, every <code>Context</code> that is
|
|
created must be supplied an instance of an object that implements the
|
|
<tt>SecuritySupport</tt> interface. This will provide Rhino the support
|
|
functionality it needs to perform security-related tasks.</p>
|
|
|
|
<p>Second, the value of the property
|
|
<code class="filename">security.requireSecurityDomain</code>
|
|
should be changed to <var>true</var> in the resource bundle <code class="filename">org.mozilla.javascript.resources.Security</code>.
|
|
The value of this property can be determined at runtime by calling the
|
|
<code>isSecurityDomainRequired</code>
|
|
method of <code>Context</code>. Setting this property to true requires that
|
|
any calls that compile or evaluate JavaScript must supply a security domain
|
|
object of any object type that will be used to identify JavaScript code.
|
|
In a typical client embedding, this object might be a string with the URL
|
|
of the server that supplied the script, or an object that contains a
|
|
representation of the signers of a piece of code for certificate-based
|
|
security policies.</p>
|
|
|
|
<p>When JavaScript code attempts a restricted action, the security domain
|
|
can be retrieved in the following manner. The class context should be
|
|
obtained from the security manager (see <code class="command">java.lang.SecurityManager.getClassContext()</code>).
|
|
Then, the class of the code that called to request the restricted action
|
|
can be obtained by looking an appropriate index into the class context
|
|
array. If the caller is JavaScript the class obtained may be one of two
|
|
types. First, it may be the class of the interpreter if interpretive mode
|
|
is in effect. Second, it may be a generated class if classfile generation
|
|
is supported. An embedding can distinguish the two cases by calling
|
|
<code class="command">isInterpreterClass()</code>
|
|
in the <code class="filename">Context</code> class. If it is the
|
|
interpreter class, call the getInterpreterSecurityDomain() method of
|
|
Context to obtain the security domain of the currently executing
|
|
interpreted script or function. Otherwise, it must be a generated class,
|
|
and an embedding can call <code class="command">getSecurityDomain()</code>
|
|
in the class implementing <code>SecuritySupport</code>. When the class was
|
|
defined and loaded, the appropriate security domain was associated with
|
|
it, and can be retrieved by calling this method. Once the security domain
|
|
has been determined, an embedding can perform whatever checks are
|
|
appropriate to determine whether access should be allowed.</p>
|
|
|
|
</body>
|
|
</html>
|