>>      DOMString toString();
> This should probably be:
>   stringifier;
> instead (which in ES will produce a toString on the prototype, but is more
> clear about the point, and might do different things in other binding
> languages).

Other binding languages don't matter, but OK.

>> One open issue: I'm not sure if allowsEval, allowsInlineScript, and
>> allowsInlineStyle should just be boolean getters or if they should stay
>> methods
> I think readonly boolean attributes would make more sense here, personally.

Read-only when vended from document.securityPolicy, right?

When constructed ("new SecurityPolicy(...)"), I think they should be

> Another thing to think about is whether reportURIs should really be an IDL
> array (which does NOT produce a JS array on the JS side, so it really
> depends on the expected use cases).

I'll advocate for a JS array wherever we surface an array-like collection.
It's long past time that we stopped shitting on users with ad-hoc
collection types. If you want it read-only, vend an ES6 proxy. We can
figure out later how to say that in WebIDL (not that it actually matters,

