jseSecurityInit
This function is the main security function. It is run before the script that it is protecting is run, and it sets up the security the child is going to be run under. It specifies which functions the child will be allowed to call. By default, the child will not be allowed to call any insecure functions. In this function, you explicitly specify which insecure functions the child will be allowed to call. You do this by calling the setSecurity() method, which is a method of all ScriptEase functions.
In case that is confusing, a quick example of a jseSecurityInit function should clear it up:
function jseSecurityInit(security_var)
{
Clib.remove.setSecurity(jseSecureAllow);
}
This particular security initialization function is written in ScriptEase script. However, you can also implement all of these functions using the ScriptEase API and wrapper functions. We will implement the examples as scripts for clarity. The first thing you notice about the function is that it takes a parameter, we have named it security_var. We did not use it in this example. This parameter is the "security variable" described below."
The body of the function usually lists which functions are to be allowed. Notice that we call the setSecurity() method of the particular function we want to allow. This method takes one parameter, the security state of the function. jseSecureAllow specifies that this function is allowed to be called.
There are two other values we could have used instead. The value jseSecureReject causes calls to the function to fail. This is the default for all functions, so it is usually redundant to specify it. However, if setSecurity() is called more than once for the same function, the last call takes precedence. You can use this value to undo allowing access to a particular function.
The final value is jseSecureGuard, which says that any time this function is called, we must first call the jseSecurityGuard function to determine if the call will be allowed. This function is described below.
Note: The setSecurity() method can only be called in a security initialization function. Trying to call it at other times generates errors.