W3C home > Mailing lists > Public > public-web-security@w3.org > November 2012

Re: CSP 1.1 DOM design

From: David Bruant <bruant.d@gmail.com>
Date: Tue, 06 Nov 2012 10:51:51 +0100
Message-ID: <5098DDB7.3000705@gmail.com>
To: Boris Zbarsky <bzbarsky@MIT.EDU>
CC: Cameron McCormack <cam@mcc.id.au>, Alex Russell <slightlyoff@google.com>, public-web-security@w3.org
Le 05/11/2012 23:35, Boris Zbarsky a écrit :
> On 11/5/12 2:16 PM, Cameron McCormack wrote:
>> If it's the latter, then I think either Boris' suggestion of having two
>> interfaces, and stating in prose which one is implemented on Document,
>> would be OK.  I think it'd be fine too to just make it not readonly in
>> the IDL and for there to be a prose hook to do all the right
>> throwing-or-ignoring things that you would normally get from assigning
>> to an accessor property without a setter.
>
> I don't see how the latter can really work.  As a simple example, if I 
> grab a setter out of a property descriptor and then later call it, 
> which code's strict mode is relevant?  The code that grabbed the 
> setter or the code that called it?  Is there anything that requires an 
> ES impl to actually keep track of strict mode for function calls?  
> Because I don't think Spidermonkey does anything like that....
Strict mode is a static thing. If a function is defined (and 
instantiated) in a strict portion of a program (or is a strict 
function), then, regardless of who's grabbing and who's calling, the 
function applies strict rules.
I think the essence of strictness should be kept.

David
Received on Tuesday, 6 November 2012 09:52:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 6 November 2012 09:52:35 GMT