By jimbojw
via trephine.org
Published: Apr 12 2009 / 00:53
Using only native browser capabilities, it is impossible for a web application to access the user's hard drive. However, trephine allows users to opt in and grant more privileges to scripts on a page. This article explains how to interrogate the client's filesystem using JavaScript and trephine.



Comments
dneuge replied ago:
Since the user still needs Java installed and activated, it's NOT JavaScript doing all that. It's a common technique that has been around for years, because JS can fully interact with Java applets and applets can get free of their sandbox by getting signed and acknowledged by the user.
Jim Wilson replied ago:
Hi dneuge,
You're correct that it requires Java and that applet/JavaScript intercommunication (referred to as LiveConnect) is not new. The aspect that makes trephine's approach novel is that all the business logic is in JavaScript - there's no Java to compile/archive/sign/deploy from the developer's perspective.
Also, trephine abstracts away the details of the applet/DOM communication, which is actually significantly more difficult than you might at first expect. Every combination of operating system, browser, browser version, JVM vendor and Java version can have an effect on how LiveConnect works. For one example, see this article about the difficulties of Opera LiveConnect: http://www.dzone.com/links/opera_liveconnect_originnotallowedexception.html
boraert replied ago:
Java to JavaScript communication is not harder than JavaScript to Java communication. They are both going through the same medium. I think your justification on eviling Java to JavaScript LiveConnect does not do a good job there. Why would anyone use purely JavaScript to program Java? Because Opera has a LiveConnect implementation problem? I am pretty sure that is not the only problem the Opera browser has with applets. My good suggestion would be to file a bug report with Opera Software on the Origin not allowed exception.
Jim Wilson replied ago:
Hi boraert,
Thanks for taking the time to comment. I didn't mean to imply that Java to JavaScript was any more or less difficult than JavaScript to Java. I had hoped to express that in general communicating between JavaScript and Java is more arduous than people at first expect, and that this difficulty comes from differences in browsers, browser versions, operating systems, OS versions, JVM vendors and Java versions.
Regarding Opera's LiveConnect security implementation - this is not a bug; I'm sure they intended the exact behavior which we now see. This is just one example of how JavaScript/Java communication is difficult to do right everywhere. I could have just as well explained that IE 6 has a bug wherein newlines in JavaScript sent by Java through window.eval() silently break all execution, or that Firefox on Mac OS prevents referencing Java objects coming from Jars outside the page's domain, or that Safari on Windows wraps all LiveConnect return objects in an NPObject wrapper, etc.
To answer why anyone would rather code applet logic in JavaScript than Java, I have written a separate post to address this[1]. All feedback is welcome. :)
[1] http://www.dzone.com/links/why_trephine_is_better_for_applet_development.html