W3C home > Mailing lists > Public > public-script-coord@w3.org > October to December 2013

Re: Figuring out easier readonly interfaces

From: Simon Pieters <simonp@opera.com>
Date: Fri, 18 Oct 2013 01:41:56 +0200
To: "Mark S. Miller" <erights@google.com>
Cc: "James Graham" <james@hoppipolla.co.uk>, "Domenic Denicola" <domenic@domenicdenicola.com>, "public-script-coord@w3.org" <public-script-coord@w3.org>
Message-ID: <op.w44hf6h6idj3kv@simons-macbook-pro.local>
On Fri, 18 Oct 2013 01:12:23 +0200, Mark S. Miller <erights@google.com>  

>> I think renaming doesn't really do much to ensure that the above  
>> situation
>> doesn't materialize.
> if (rect instanceof DOMRectReadable) {
>   // ok, it's readable, so one can read rect
>   untrustedCode.**doSomethingWithRect(rect);
>   // I can assume that rect may have been read.
> }
> Yes, there is still a possibility of confusion: rect being readable does
> not imply that it is read-only, but one might still misread the correct
> comments above as "I can assume that rect may have *only* been read." But
> at least this is a misreading, and one can learn not to read in more than
> the interface is claiming. Of course, such bugs will happen anyway, but
> this misreading would now be on a par with other normal bugs, such as
> confusing "if" with "iff".

What I mean is, people on the Web write code making completely bogus  
assumptions (and no commenting) all the time such that it's hopeless  
trying to guide them by the name of an interface.

>> If we want to avoid it, it's better to have completely separated  
>> interfaces.
> Care to make a concrete proposal?




A drawback here is that if one wants to check if an object is a "rect",  
you need to do two instanceof checks.

Simon Pieters
Opera Software
Received on Thursday, 17 October 2013 23:42:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:18 UTC