- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 4 Dec 2007 08:57:07 +0100
- To: Marcos Caceres <marcosscaceres@gmail.com>
- Cc: public-appformats@w3.org
On 2007-12-04 14:17:01 +1000, Marcos Caceres wrote: > I guess one thing we don't need to worry about at the moment is > concerning ourselves with the widget.system() API, as we > currently don't spec it ( should we?:) ).... I have no particular desire for that; however, if there was work on a capability-based security model for widgets, then that kind of API would need to be covered. > And I'm not sure what we can do with regards to eval() as I > gather that is a problem for the web at large.... One question (and I'm going out on a limb here) is whether there should be standardized JSON parsing and request APIs some time soon -- that's, in fact, a generic question around Web APIs. Until these exists (and are deployed), I'm pretty sure we'll continue to see (a) JSON, and (b) eval used to parse it. With Widgets that aren't sandboxed, the problem becomes just much more pressing. The other observation is that capability-like security models for widgets are nice, but will inevitably make those who program them exercise the "get functionality, fast" card. Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 4 December 2007 07:57:17 UTC