Re: Privileged context features and JavaScript from Martin Thomson on 2015-04-17 (public-webappsec@w3.org from April 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 17 Apr 2015 09:07:50 -0700
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>, Webapps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>, public-script-coord <public-script-coord@w3.org>
Message-ID: <CABkgnnU7w_oFt2L2ZOjMOkpw84RLFh_aFr3i9sekhRYDFTFD6A@mail.gmail.com>

On 17 April 2015 at 08:16, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>    If the API returns a Promise type, return a Promise rejected with
>    a TypeError (??).  Otherwise, the operation steps MUST fail in some
>    way.
>
> Or some such.

SecurityError perhaps.  But I still like the idea of an IDL annotation
like [SecureContext] that causes the API to disappear as though not
implemented.

Received on Friday, 17 April 2015 16:08:24 UTC