W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2013

Re: gUM constraints webidl implementer feedback

From: Harald Alvestrand <harald@alvestrand.no>
Date: Mon, 21 Oct 2013 21:19:39 +0200
Message-ID: <52657E4B.9020506@alvestrand.no>
To: Travis Leithead <travis.leithead@microsoft.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 10/17/2013 10:22 PM, Travis Leithead wrote:
>
> WebIDL dictionary processing only knows how to deal with known 
> dictionary members (see 
> http://dev.w3.org/2006/webapi/WebIDL/#es-dictionary). Dictionaries are 
> not generic property maps or sets.
>
> In getUserMedia, the intention is to have a set of well-defined 
> mandatory constraints (as defined by dictionaries in the spec--or 
> inherited/partial dictionaries defined formerly elsewhere)---not to 
> support any random property key that is placed on the dictionary 
> object by user code.
>

That algorithm will actually never throw for unknown keys, which is what 
we want to happen for optionals - they should be ignored.

We could add a preprocessing step, something like (Javascript/WebIDL 
pseudocode):

CheckForUnknowns(Object o) {
    ConstraintDictionary dict = o
    if (keys(o) !== keys(dict)) {  // yes I know - JS doesn't make it 
THIS easy
       throw "Unsatisified constraints"  // with stuff to pick the 
unknown ones out
    }
}

which would make the formal WebIDL mandatory constraints an Object, but 
only touched in the conversion
to Dictionary - would that be reasonably safe?


> *From:*Jan-Ivar Bruaroey [mailto:jib@mozilla.com]
> *Sent:* Wednesday, October 16, 2013 12:40 PM
> *To:* Harald Alvestrand; public-media-capture@w3.org
> *Subject:* Re: gUM constraints webidl implementer feedback
>
> On 10/16/13 6:42 AM, Harald Alvestrand wrote:
>
>     On 10/15/2013 08:28 PM, Jan-Ivar Bruaroey wrote:
>
>          1. Mandatory constraints aren't implementable as webidl
>             dictionaries.
>
>               * We're supposed to detect unknown mandatory constraints
>                 and fail on them, but webidl dictionaries /silently
>                 ignore/ unknown keys!
>
>
>     I thought this was a feature... don't you get to see the ignored
>     keys in the engine?
>
>
> No, our webidl-compiler-generated bindings create a new dictionary 
> from default values and then interrogates known members it finds in 
> the provided content JS object through inspection. This is for 
> security reasons, as content JS objects may be toxic. - Unknown 
> members have unknown types, so including them safely becomes tricky.
>
>
>         1.
>
>               * To work around this problem, I had to alter the API to
>                 take the mandatory member as a plain object (which
>                 makes our webidl security guys' neck-hair stand up,
>                 but it's ok), like this:
>
>                   o dictionary MediaTrackConstraints {
>                         object mandatory; // so we can see unknown +
>                     unsupported constraints
>                         sequence<MediaTrackConstraint> _optional;
>                     };
>
>               * I then convert it internally to this structure after
>                 scanning for unknown keys, which should be safe:
>
>                   o dictionary MediaTrackConstraintsInternal {
>                         MediaTrackConstraintSet mandatory; // holds
>                     only supported constraints
>                         sequence<MediaTrackConstraint> _optional;
>                     };
>
>
>         In lieu of alternative solutions to number 6, I'd like to see
>         the spec be explicit about what's needed to implement this as
>         it stands.
>
>
>     Seems to me we have a differing understanding of how the engine
>     should deal with dictionaries.
>
>
> I agree. Maybe the webidl group can help clarify?
>
> .: Jan-Ivar :.
>
Received on Monday, 21 October 2013 19:20:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:20 UTC