- From: Simon Pieters <simonp@opera.com>
- Date: Fri, 18 Oct 2013 01:41:56 +0200
- To: "Mark S. Miller" <erights@google.com>
- Cc: "James Graham" <james@hoppipolla.co.uk>, "Domenic Denicola" <domenic@domenicdenicola.com>, "public-script-coord@w3.org" <public-script-coord@w3.org>
On Fri, 18 Oct 2013 01:12:23 +0200, Mark S. Miller <erights@google.com>
wrote:
>> I think renaming doesn't really do much to ensure that the above
>> situation
>> doesn't materialize.
>
>
> if (rect instanceof DOMRectReadable) {
> // ok, it's readable, so one can read rect
> untrustedCode.**doSomethingWithRect(rect);
> // I can assume that rect may have been read.
> }
>
> Yes, there is still a possibility of confusion: rect being readable does
> not imply that it is read-only, but one might still misread the correct
> comments above as "I can assume that rect may have *only* been read." But
> at least this is a misreading, and one can learn not to read in more than
> the interface is claiming. Of course, such bugs will happen anyway, but
> this misreading would now be on a par with other normal bugs, such as
> confusing "if" with "iff".
What I mean is, people on the Web write code making completely bogus
assumptions (and no commenting) all the time such that it's hopeless
trying to guide them by the name of an interface.
>> If we want to avoid it, it's better to have completely separated
>> interfaces.
>
>
> Care to make a concrete proposal?
https://dvcs.w3.org/hg/csswg/raw-file/748437d8a1dc/cssom-view/Overview.html#domrect
or
https://dvcs.w3.org/hg/csswg/raw-file/3c529183812b/cssom-view/Overview.html#domrect
A drawback here is that if one wants to check if an object is a "rect",
you need to do two instanceof checks.
--
Simon Pieters
Opera Software
Received on Thursday, 17 October 2013 23:42:35 UTC