pub trait XfaJsRuntime {
    // Required methods
    fn init(&mut self) -> Result<(), SandboxError>;
    fn reset_for_new_document(&mut self) -> Result<(), SandboxError>;
    fn execute_script(
        &mut self,
        activity: Option<&str>,
        body: &str,
    ) -> Result<RuntimeOutcome, SandboxError>;
    fn take_metadata(&mut self) -> RuntimeMetadata;

    // Provided methods
    fn set_form_handle(
        &mut self,
        _form: *mut FormTree,
        _root_id: FormNodeId,
    ) -> Result<(), SandboxError> { ... }
    fn set_data_handle(&mut self, _dom: *const DataDom) { ... }
    fn reset_per_script(
        &mut self,
        _current_id: FormNodeId,
        _activity: Option<&str>,
    ) -> Result<(), SandboxError> { ... }
    fn set_static_page_count(
        &mut self,
        _page_count: u32,
    ) -> Result<(), SandboxError> { ... }
}
The host-side adapter the dispatch path calls. A minimal contract chosen so that swapping backends (rquickjs ↔ boa ↔ external sandbox) is one Cargo feature flag away.
Required Methods
fn init(&mut self) -> Result<(), SandboxError>
One-time initialisation. Idempotent.
fn reset_for_new_document(&mut self) -> Result<(), SandboxError>
Reset per-document state (memory budget, instruction counter, any cached compiled scripts). Called once per flatten.
fn execute_script(&mut self, activity: Option<&str>, body: &str) -> Result<RuntimeOutcome, SandboxError>
Execute one script body inside the sandbox.
activity is the enclosing <event activity="..."> value if
any. The dispatch site has already filtered against
activity_allowed_for_sandbox; backends may treat unknown
activities as PhaseDenied for defence-in-depth.
fn take_metadata(&mut self) -> RuntimeMetadata
Take the cumulative metadata since the last take_metadata
call (or since reset_for_new_document, whichever was later).
Provided Methods
fn set_form_handle(&mut self, _form: *mut FormTree, _root_id: FormNodeId) -> Result<(), SandboxError>
Phase C: install the FormTree the runtime should resolve paths
against and mutate. The dispatch path owns the mutable borrow and clears
the handle before returning.
fn set_data_handle(&mut self, _dom: *const DataDom)
Phase D-γ: install a read-only view of the DataDom for the current
document. Called once per document after set_form_handle, before any
scripts run. Default: no-op (backends without DataDom support ignore it).
Safety
Callers must guarantee that dom outlives all script execution for
this document (i.e. it must remain alive until set_form_handle(null)
is called). The runtime stores the pointer read-only and never writes
through it.
fn reset_per_script(&mut self, _current_id: FormNodeId, _activity: Option<&str>) -> Result<(), SandboxError>
Phase C: reset per-script host counters and install the current script context node / activity. Backends without host bindings ignore it.
fn set_static_page_count(&mut self, _page_count: u32) -> Result<(), SandboxError>
Phase C page-count foundation. The current flatten order runs scripts before layout, so callers normally leave this at 0.
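An added example (not code from this crate) of a stub backend that honours two parts of the contract above: the defence-in-depth activity re-check in execute_script and the draining behaviour of take_metadata. The type definitions, the ALLOWED list, CountingBackend, the placement of PhaseDenied as a SandboxError variant, and letting an activity of None through are assumptions made so the block compiles on its own; the trait is trimmed to its required methods.

```rust
// Added example: local stand-ins below are assumptions, not the crate's real definitions.
#[derive(Debug, PartialEq)]
pub enum SandboxError { PhaseDenied } // assumed: PhaseDenied is an error variant
#[derive(Debug, PartialEq)]
pub struct RuntimeOutcome; // assumed: opaque success value
#[derive(Debug, Default, PartialEq)]
pub struct RuntimeMetadata { pub executed: u32, pub denied: u32 } // assumed fields

// The trait from this page, trimmed to its four required methods.
pub trait XfaJsRuntime {
    fn init(&mut self) -> Result<(), SandboxError>;
    fn reset_for_new_document(&mut self) -> Result<(), SandboxError>;
    fn execute_script(&mut self, activity: Option<&str>, body: &str)
        -> Result<RuntimeOutcome, SandboxError>;
    fn take_metadata(&mut self) -> RuntimeMetadata;
}

// Hypothetical allow-list standing in for the dispatch-side filter.
const ALLOWED: &[&str] = &["initialize", "calculate"];

#[derive(Default)]
pub struct CountingBackend { meta: RuntimeMetadata }

impl XfaJsRuntime for CountingBackend {
    fn init(&mut self) -> Result<(), SandboxError> { Ok(()) } // stateless, so idempotent
    fn reset_for_new_document(&mut self) -> Result<(), SandboxError> {
        self.meta = RuntimeMetadata::default(); // counters never leak across documents
        Ok(())
    }
    fn execute_script(&mut self, activity: Option<&str>, _body: &str)
        -> Result<RuntimeOutcome, SandboxError> {
        // Defence-in-depth: re-check the activity even though dispatch filtered it.
        if matches!(activity, Some(a) if !ALLOWED.contains(&a)) {
            self.meta.denied += 1;
            return Err(SandboxError::PhaseDenied);
        }
        self.meta.executed += 1; // a real backend would evaluate the body here
        Ok(RuntimeOutcome)
    }
    fn take_metadata(&mut self) -> RuntimeMetadata {
        std::mem::take(&mut self.meta) // drain, so the next take starts from zero
    }
}

fn main() {
    let mut rt = CountingBackend::default();
    rt.init().unwrap();
    let _ = rt.execute_script(Some("click"), "1+1");
    println!("{:?}", rt.take_metadata());
}
```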