I've been tinkering with evalInSandbox, trying to figure out which
scenarios are unsafe. According to https://developer.mozilla.org/En/Com....evalInSandbox,
pretty much any use of the return value of evalInSandbox, or
properties of the sandbox itself, is unsafe.

For example, the following code should invoke the toString function
and according to the wiki, should be a security risk (because
theoretically it lets the sandboxed code access the privileged
Components.classes):

var sandbox = Components.utils.Sandbox("http://www.example.com");
Components.utils.evalInSandbox(
    "var j = ({toString: function() { return Components.classes; } });",
    sandbox);
// String concatenation implicitly calls j.toString() from the privileged caller.
alert(sandbox.j + ' moo');

However, when I try this on Firefox 3.5.6, I get a permission denied
error, which seems like the correct, safe behavior. So how come the
wiki page says it isn't? Has something changed recently in the
implementation of the sandbox to make it safer?

If anybody has an idea on when it is safe to use the return value /
sandbox properties and when it isn't, I'd appreciate the help.

Spock
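
Added example, not part of the original post: plain JavaScript (no Firefox APIs) showing the implicit conversion the post relies on, next to a check that uses only typeof and ===, which never run code belonging to the value. The object `untrusted` is constructed to stand in for `sandbox.j`, and `isPrimitive`, `safeLabel` and `hooksTriggeredBy` are hypothetical helper names; it shows the language mechanism only, not what the Firefox 3.5.6 sandbox wrappers enforce.

```javascript
// Constructed stand-in for sandbox.j: each hook records that the value's code ran.
let calls = [];
const untrusted = {
  toString() { calls.push("toString"); return "evil"; },
  valueOf() { calls.push("valueOf"); return this; },
  get length() { calls.push("get length"); return 0; },
};

// Hypothetical helper: true only for values that carry no code of their own.
// typeof and === do not invoke toString, valueOf, or getters.
function isPrimitive(value) {
  if (value === null || value === undefined) return true;
  const t = typeof value;
  return t === "string" || t === "number" || t === "boolean";
}

// Hypothetical helper: concatenate only after the primitive check passes.
function safeLabel(value) {
  return (isPrimitive(value) ? String(value) : "[non-primitive rejected]") + " moo";
}

// Returns the names of the hooks that ran while fn executed.
function hooksTriggeredBy(fn) {
  calls = [];
  fn();
  return calls.slice();
}

// Same shape as alert(sandbox.j + ' moo'): conversion runs the value's code.
const viaConcat = hooksTriggeredBy(() => untrusted + " moo");
// The guarded path inspects the value without running any of its code.
const viaGuard = hooksTriggeredBy(() => safeLabel(untrusted));

console.log("concatenation ran:", viaConcat);
console.log("guarded path ran:", viaGuard);
console.log(safeLabel(untrusted), "|", safeLabel("plain string"));
```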