Roku Community

nickchavez · ‎08-09-2023

Hi all,

In my channel, I'm trying to load a ComponentLibrary authored and managed by a 3P developer. All works correctly, but I was wondering if there was a way to isolate the execution of this code from the rest of this channel -- in particular preventing it from accessing the channel's SceneGraph. Mostly this is to prevent bugs in the ComponentLibrary from spreading into the rest of the channel. Think of how you can embed a cross origin, sandboxed iframe on the web for this purpose.

Currently, the ComponentLibrary code can access the channel's SceneGraph by calling `m.global.getScene()` and going from there. Is there anyway to prevent this? I tried creating a new Scene and Screen and this *works* in that the ComponentLibrary can only access these "staging" nodes, but then these blow away the existing channel UI.

Any ideas?

nickchavez · ‎08-10-2023

Nas Banov on the Roku Slack responded with a very helpful answer:

no - i don’t believe there is way to accomplish what your need described in the forum is.a component created from a DCL would be able to call `m.top.getScene()` and then rummage throughout the scene tree.

so you must trust implicitly to any DCLs you load.If those are plugins from 3rd party developers (say interactive ads vendor), my recommendation would be to “own” the publishing of these and not leave it to the 3rd party. That is, they give you plugin in source form so it could be reviewed if need be - and you host it at your location/CDN, not load dynamically from random URLs

Roku Community

Roku Developer Program

Isolating a ComponentLibrary

Re: Isolating a ComponentLibrary