W3C home > Mailing lists > Public > public-script-coord@w3.org > January to March 2016

Re: [SecureContext] - throw or hide

From: Richard Barnes <rbarnes@mozilla.com>
Date: Mon, 21 Mar 2016 10:31:34 -0400
Message-ID: <CAOAcki-x0XVSoydHCry-hX7t=Fv=JEDuwYKm+MPUCbKFGJSR6A@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Anne van Kesteren <annevk@annevk.nl>, Jonathan Watt <jwatt@jwatt.org>, Martin Thomson <mt@mozilla.com>, public-script-coord <public-script-coord@w3.org>
On Mon, Mar 21, 2016 at 8:57 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 3/21/16 4:53 AM, Anne van Kesteren wrote:
>
>> I think it's mostly Richard and Martin that favor tying this to exposure.
>>
>
> And me, for what it's worth.  I strongly believe we should not be exposing
> attribute getters that are 100% guaranteed to throw when called.
>

+1

I'm not hearing anyone here calling for throwing at this point, so maybe
there's consensus on hiding?



>
> I think that only works well for new APIs. We'd then still need
>> something for legacy APIs we want to limit to secure contexts (maybe
>> just prose).
>>
>
> Why?   That is, why do you think it's more web-compatible to make an API
> that's feature-detected as present throw than to make it feature-detect as
> not present and hence trigger polyfills.
>
> I tend to think we should just do whatever is least complicated
>>
>
> And most likely to actually be shippable, yes.
>
> -Boris
>
Received on Monday, 21 March 2016 14:32:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:25 UTC