- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Mon, 21 Oct 2013 21:19:39 +0200
- To: Travis Leithead <travis.leithead@microsoft.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
- Message-ID: <52657E4B.9020506@alvestrand.no>
On 10/17/2013 10:22 PM, Travis Leithead wrote:
>
> WebIDL dictionary processing only knows how to deal with known
> dictionary members (see
> http://dev.w3.org/2006/webapi/WebIDL/#es-dictionary). Dictionaries are
> not generic property maps or sets.
>
> In getUserMedia, the intention is to have a set of well-defined
> mandatory constraints (as defined by dictionaries in the spec--or
> inherited/partial dictionaries defined formerly elsewhere)---not to
> support any random property key that is placed on the dictionary
> object by user code.
>
That algorithm will actually never throw for unknown keys, which is what
we want to happen for optionals - they should be ignored.
We could add a preprocessing step, something like (Javascript/WebIDL
pseudocode):
CheckForUnknowns(Object o) {
ConstraintDictionary dict = o
if (keys(o) !== keys(dict)) { // yes I know - JS doesn't make it
THIS easy
throw "Unsatisified constraints" // with stuff to pick the
unknown ones out
}
}
which would make the formal WebIDL mandatory constraints an Object, but
only touched in the conversion
to Dictionary - would that be reasonably safe?
> *From:*Jan-Ivar Bruaroey [mailto:jib@mozilla.com]
> *Sent:* Wednesday, October 16, 2013 12:40 PM
> *To:* Harald Alvestrand; public-media-capture@w3.org
> *Subject:* Re: gUM constraints webidl implementer feedback
>
> On 10/16/13 6:42 AM, Harald Alvestrand wrote:
>
> On 10/15/2013 08:28 PM, Jan-Ivar Bruaroey wrote:
>
> 1. Mandatory constraints aren't implementable as webidl
> dictionaries.
>
> * We're supposed to detect unknown mandatory constraints
> and fail on them, but webidl dictionaries /silently
> ignore/ unknown keys!
>
>
> I thought this was a feature... don't you get to see the ignored
> keys in the engine?
>
>
> No, our webidl-compiler-generated bindings create a new dictionary
> from default values and then interrogates known members it finds in
> the provided content JS object through inspection. This is for
> security reasons, as content JS objects may be toxic. - Unknown
> members have unknown types, so including them safely becomes tricky.
>
>
> 1.
>
> * To work around this problem, I had to alter the API to
> take the mandatory member as a plain object (which
> makes our webidl security guys' neck-hair stand up,
> but it's ok), like this:
>
> o dictionary MediaTrackConstraints {
> object mandatory; // so we can see unknown +
> unsupported constraints
> sequence<MediaTrackConstraint> _optional;
> };
>
> * I then convert it internally to this structure after
> scanning for unknown keys, which should be safe:
>
> o dictionary MediaTrackConstraintsInternal {
> MediaTrackConstraintSet mandatory; // holds
> only supported constraints
> sequence<MediaTrackConstraint> _optional;
> };
>
>
> In lieu of alternative solutions to number 6, I'd like to see
> the spec be explicit about what's needed to implement this as
> it stands.
>
>
> Seems to me we have a differing understanding of how the engine
> should deal with dictionaries.
>
>
> I agree. Maybe the webidl group can help clarify?
>
> .: Jan-Ivar :.
>
Received on Monday, 21 October 2013 19:20:05 UTC