Closed cscott closed 10 years ago
..and I would appreciate some suggestions on the best way to do that in PHP. On the V8 side we check to see if the constructor argument is an V8::External to distinguish between internal and user invocation of the constructor. I don't see any easy way to distinguish user invocation of the constructor on the PHP side, although we could sort of copy the V8 approach and register a new resource type, which we passed to the constructor only when invoking it internally. Invoking the constructor without the proper resource would either be an error or (again aping the V8 approach) automatically create an appropriate empty V8 object to wrap. (It makes sense for new V8Object
to be the PHP equivalent of the JavaScript Object.create(null)
, but new V8Function
should throw an exception, I can't see any reasonable thing that should do.)
Thoughts?
On review of the code ... The V8Object
constructor would need to take a reference to a V8Js
object in order to obtain the proper isolate. So the PHP code would be $obj = new V8Object($v8js)
. Is this API actually worth implementing, or should new V8Object
from user code just throw an exception?
I don't think new V8Object
could be useful. After all, if I'd like to pass back a simple object from PHP to V8 I could always
$foo = new stdClass();
$foo->bar = 23;
$whatever->callback($foo);
Contrary I think it's useful if you can rely on objects from JS context to be derived from V8Object
, and further, that only those can have that particular class.
For example at one place I expose a factory to JS, which allows to request certain object instances from PHP and I expect the JS code to configure those, build a collection of them and pass them back to another PHP method (which calls methods on the object collection in turn). The JS code could easily provide an object looking equally, but I need to detect those cases not to leak certain objects to (untrusted) JS code. If I would create V8Object instances in PHP as well, detecting those would be painful, if they get passed back.
Accomplished with pull #76. Keep your eyes open for other issues of this sort (although I don't know of any at this time).
From PHP code you can do
or
which then segfaults. We need to protect these constructors from user code.