Mailing Lists: Apple Mailing Lists


Re: Fuzzy on memory/sharing objects between Obj-C and Javascript



email@hidden (Geoffrey Garen) on 12/15/05(7:15 PM-0800) wrote:

>As far as I know, sharing with JavaScript shouldn't introduce any  
>differences in retain/release semantics in cocoa. You should just  
>treat these as ordinary cocoa methods. So, yes, you should  
>autorelease the string allocated and returned by styleAction because  
>the cocoa convention is that accessor methods return autoreleased  
>objects with a retain count of 1. (Even better, you could use an  
>NSString convenience method, like +stringWithString:, to get such an  
>object.) The @"" convention is just like calling +[NSString  
>stringWithCharacters:length:], which will do the right thing.

Ok, thanks. I think I'll do exactly that.

>As a side note, the behavior you've implemented is just like always  
>returning NO from isSelectorExcludedFromWebScript. You can pass  
>cocoaFunction:withString: any method name, and it will execute that  
>method. This is a security hole that would allow JavaScript to  
>execute arbitrary methods in Objective-C. The purpose of  
>isSelectorExcludedFromWebScript is to avoid such security holes. If  
>you want to avoid constantly having to edit the method during  
>development, consider setting it to return NO unconditionally while  
>you develop, and change it to return NO only for the methods you want  
>to expose before shipping.

Point taken. I'll put this on the release checklist. Thanks!

Thanks
Jeff
_______

>>On Dec 15, 2005, at 12:08 PM, Jeffrey Johnson wrote:

>> + (BOOL)isSelectorExcludedFromWebScript:(SEL)selector
>> {
>>     if (selector == @selector(cocoaFunction:withString:)) {
>>         return NO;
>>     }
>>     return YES;
>> }
>>
>> - (NSString *)cocoaFunction:(NSString*)functionName withString:(NSString *)dataString
>> {
>>     NSString * someString;
>>
>>     NSString * selName = [ functionName stringByAppendingString:@":" ];
>>     SEL sel = NSSelectorFromString(selName);
>>
>>     if ( [self respondsToSelector:sel] ) {
>>         someString = [self performSelector:sel withObject:dataString];
>>     }
>>     else {
>>         NSLog(@"javascript called cocoaFunction: with unknown selector: |%@|", functionName);
>>         return @"%UNKNOWNFUNCTION";
>>     }
>>
>>     return someString;
>> }

>> - (NSString *) styleAction:(NSString *)dataString
>> {
>>     NSString * returnString = [[[NSString alloc] initWithString:dataString] autorelease] ;
>>
>>     return returnString;
>> }

>>
>> Given a JavaScript
>>  callCocoaWithString("styleAction","a String")
>>
>> am I doing the right thing with regards to autoreleasing the string  
>> returned by styleAction: ? What about the static string I return in  
>> cocoaFunction:withString: for unknown selectors?
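
The security hole raised in the reply comes from turning a script-supplied name straight into a selector. As an added example (not code from this thread or from WebKit), here is the same dispatcher restricted to an explicit table of permitted actions; the class name ScriptBridge and the scriptableActions table are assumptions made for illustration.

```objective-c
#import <Foundation/Foundation.h>

// Added example, not the poster's code. ScriptBridge and scriptableActions
// are hypothetical names chosen for this illustration.
@interface ScriptBridge : NSObject
- (NSString *)cocoaFunction:(NSString *)functionName withString:(NSString *)dataString;
- (NSString *)styleAction:(NSString *)dataString;
@end

@implementation ScriptBridge

// Names JavaScript may request, mapped to the selector each one runs.
// A name absent from this table is refused, whatever self responds to.
+ (NSDictionary *)scriptableActions
{
    static NSDictionary *actions = nil;
    if (actions == nil) {
        actions = [[NSDictionary alloc] initWithObjectsAndKeys:
            NSStringFromSelector(@selector(styleAction:)), @"styleAction",
            nil];
    }
    return actions;
}

// Expose only the dispatcher to WebKit; every other selector stays excluded.
+ (BOOL)isSelectorExcludedFromWebScript:(SEL)selector
{
    return selector != @selector(cocoaFunction:withString:);
}

- (NSString *)cocoaFunction:(NSString *)functionName withString:(NSString *)dataString
{
    // Look the name up instead of building a selector from script input.
    NSString *selName = [[[self class] scriptableActions] objectForKey:functionName];
    if (selName == nil) {
        NSLog(@"javascript requested non-scriptable action: |%@|", functionName);
        return @"%UNKNOWNFUNCTION";
    }
    return [self performSelector:NSSelectorFromString(selName) withObject:dataString];
}

- (NSString *)styleAction:(NSString *)dataString
{
    return [NSString stringWithString:dataString];
}

@end
```

With the table in place, respondsToSelector: no longer decides what script can reach, so inherited NSObject methods and private helpers are out of scope even though the dispatcher itself is exposed.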
Webkitsdk-dev mailing list      (email@hidden)