W3C home > Mailing lists > Public > public-web-security@w3.org > November 2012

Re: CSP 1.1 DOM design

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 06 Nov 2012 07:01:39 -0800
Message-ID: <50992653.8080205@mit.edu>
To: Alex Russell <slightlyoff@google.com>
CC: public-web-security@w3.org, Cameron McCormack <cam@mcc.id.au>
On 11/6/12 1:04 AM, Alex Russell wrote:
> It's possible to model this the other way: it calls a JS setter which
> may throw or call an IDL setter.

How does that help?

> To preserve the invariants...I suppose without the overhead of having to
> define a brand new type since it's a one-off.

I think the overhead involved is very small, personally...

> I think that's a dated understanding of proxies. The current Direct
> Proxies proposal applies instanceof to the target

Ah, interesting.  That would make things a bit better, yes.

> As I suggested before, the exercise here should be to write down the
> behavior you want in JS and then transcribe it back to IDL.

Yes, on this I agree.

Received on Tuesday, 6 November 2012 15:02:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:20 UTC