Re: [RequestAnimationFrame] Integer identifiers: let's not make the same mistake again. from Mark S. Miller on 2011-06-28 (public-web-perf@w3.org from June 2011)

From: Mark S. Miller <erights@google.com>
Date: Tue, 28 Jun 2011 17:29:25 -0600
To: James Robinson <jamesr@google.com>, David Bruant <david.bruant@labri.fr>, public-web-perf@w3.org, "Mark S. Miller" <erights@google.com>, Google Caja Discuss <google-caja-discuss@googlegroups.com>
Message-ID: <BANLkTikh+5d7yxOqniD+O8Vu4ta=MmujEQ@mail.gmail.com>

On Tue, Jun 28, 2011 at 3:37 PM, Cameron McCormack <cam@mcc.id.au> wrote:

> James Robinson:
> > I'm not sure I understand exactly what you mean here - script can only
> > cancel timers that it set.  Could you expand a bit on what you mean by
> > "granted the right to do so"?
>
> And if script you don’t control is running on your page, it being able
> to cancel your requestAnimationFrame calls is probably the least of your
> worries.
>

Not any more:
http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/
Original announcement at
https://mail.mozilla.org/pipermail/es-discuss/2010-August/011684.html
Presentation http://www.infoq.com/presentations/From-E-to-EcmaScript
Interview
http://www.infoq.com/interviews/ecmascript-5-caja-retrofitting-security

With the improvements made by EcmaScript 5 and initSES.js, enabling Secure
EcmaScript (SES), in most ways we now have better protection from untrusted
code within a web page than we do between pages at different origins. SES
strives to be a compatible subset of ES5, and its DOM taming, Domado,
strives to be a compatible subset/virtualization of the browser DOM API.

We achieve this goal almost perfectly. One place we had to violate the
subset rule is setTimeout/setInterval. In Caja and SES, these return opaque
objects, not integers, precisely for the reasons given at the start of this
thread. So far, we have encountered no legacy code broken by this change. If
the w3c does make this mistake again, Caja and SES will violate the standard
again in precisely the same way and for the same reason. I suspect the
effect of this violation to be as painless on actual code. Still, it would
be better for w3c/whatwg to avoid this mistake, as proposed in this thread.

>
> > The reason for using integer identifiers is to remain close to
> > setTimeout/setInteval, but I think an opaque identifier would work
> equally
> > well.  I'm not sure what benefit it would give, however.
>
> I agree, I don’t see it providing enough benefits to warrant changing.
>
> --
> Cameron McCormack ≝ http://mcc.id.au/
>

-- 
    Cheers,
    --MarkM

Received on Tuesday, 28 June 2011 23:29:51 UTC