- From: Christian Biesinger <cbiesinger@gmail.com>
- Date: Wed, 29 Jun 2011 12:57:08 +0200
- To: James Robinson <jamesr@google.com>
- Cc: "Mark S. Miller" <erights@google.com>, David Bruant <david.bruant@labri.fr>, public-web-perf@w3.org, Google Caja Discuss <google-caja-discuss@googlegroups.com>
On Wed, Jun 29, 2011 at 1:33 AM, James Robinson <jamesr@google.com> wrote:
> I'm aware of caja but do not see how that is relevant to this discussion.
> Caja wraps native APIs like setTimeout/clearTimeout, right? It should be
> possible to implement any sort of guards around the values allowed at this
> level without changing the type of the identifier. For example, you could
> remap the values returned by the user agent to another integer range or
> check that a clearTimeout() from a given script is ignored if it does not
> correspond to an earlier setTimeout() associated with the same value. I'm
> not sure why you chose to have caja return opaque identifiers (as that seems
> unnecessary) but you could do that as well, I suppose.

I see that a lot of people don't like the idea of returning opaque
identifiers in this thread, but why not? What is the downside? It does
provide the advantages that have been mentioned, but doesn't seem to
have downsides.

-christian
Received on Wednesday, 29 June 2011 10:57:35 UTC
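
The two guards discussed in this message, written out as an added example (not Caja's code and not code from any participant in the thread): a per-script wrapper that keeps integer ids but ignores a clearTimeout() for an id it did not issue, next to one that returns opaque handles. The names `makeFakeHost`, `makeOwnerCheckedTimers` and `makeOpaqueTimers` are hypothetical, and the fake host is a constructed stand-in for a user agent's shared integer-id timer table.

```javascript
// Constructed stand-in for a user agent: integer ids from one counter shared by all scripts.
function makeFakeHost() {
  let next = 1;
  const pending = new Map();
  return {
    setTimeout(fn) { pending.set(next, fn); return next++; },
    clearTimeout(id) { pending.delete(id); },
    pendingCount() { return pending.size; },
  };
}
// Guard 1: keep integer ids, ignore a clearTimeout() not matching this script's own setTimeout().
function makeOwnerCheckedTimers(host) {
  const mine = new Set();
  return {
    setTimeout(fn, ms) {
      const id = host.setTimeout(() => { mine.delete(id); fn(); }, ms);
      mine.add(id);
      return id;
    },
    clearTimeout(id) { if (mine.delete(id)) host.clearTimeout(id); },
  };
}
// Guard 2: return an opaque frozen object; the native id stays in a WeakMap private to the wrapper.
function makeOpaqueTimers(host) {
  const ids = new WeakMap();
  return {
    setTimeout(fn, ms) {
      const handle = Object.freeze({});
      ids.set(handle, host.setTimeout(() => { ids.delete(handle); fn(); }, ms));
      return handle;
    },
    clearTimeout(handle) {
      if (ids.has(handle)) host.clearTimeout(ids.get(handle));
      ids.delete(handle);                    // no-op for anything this wrapper did not issue
    },
  };
}
function demo() {
  const host = makeFakeHost();
  const a = makeOwnerCheckedTimers(host), b = makeOwnerCheckedTimers(host);
  const idA = a.setTimeout(() => {}, 1000);
  b.clearTimeout(idA);                       // another script's integer id: ignored
  const c = makeOpaqueTimers(host), d = makeOpaqueTimers(host);
  const h = c.setTimeout(() => {}, 1000);
  d.clearTimeout(h); d.clearTimeout(2);      // foreign handle and guessed native id: ignored
  const survived = host.pendingCount();      // both timers are still pending
  a.clearTimeout(idA); c.clearTimeout(h);    // the owning scripts can still cancel
  return { idType: typeof idA, handleType: typeof h, survived, left: host.pendingCount() };
}
console.log(demo());
```

Both guards stop cross-script cancellation; the difference is that with guard 1 a script still sees the shared counter's values, while with guard 2 it sees nothing it can enumerate or compare.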